Thanks, Jason. 1. This is odd. I used the script. And explicitly recall it asking about git clean.
2. I was worried about this. I have multiple keys. 3. I'll update the script to use sha512sum. Will re-roll later. Best Evan Jones Website: www.ea-jones.com On Sat, Mar 23, 2024 at 9:55 AM Jason Young <j...@apache.org> wrote: > -1 from me > > 1. (blocking) Source artifacts should contain only files tracked by git > but there are build files, log files, and .vscode. The > make-release-artifacts.sh script should do this, so maybe this is an issue > with the script. Otherwise you can remove these files with `git clean -dxf` > > 2. (blocking) I cannot verify the signatures, I am running: > gpg --import KEYS > gpg --verify *.asc > > gpg is using RSA key 1750ADB4640DCF780D97CE2FDC659A327EC07063 to verify, > which I'm guessing is a different GPG key on your machine > > 3. (non-blocking) When I check the hashes with shasum it throws "no > properly formatted SHA checksum lines found". I recalculated and compared > the hashes and they are correct but formatted differently. > > Your hashes were generated with gpg --print-md, and I couldn't figure out > how to programmatically check this format. Also, Apache recommends shasum > for SHA-512 release hashs. > https://infra.apache.org/release-signing.html#sha-checksum > > [Y] Build and Unit Tests Pass > [Y] Integration Tests Pass > [N] Signatures and Hashes Match Keys > [Y] LICENSE, and NOTICE Files in Source and Binary Release Packages > [Y] LICENSE, and NOTICE are consistent with ASF and Incubator Policy > [Y] CHANGELOG included with release distribution > [Y] All Source Files Have Correct ASF Headers > [N] No Binary Files in Source Release Packages > > -Jason > > On 2024/03/22 00:58:41 Evan Jones wrote: > > Hi Folks, > > > > Please VOTE on the Apache Flagon UserALEjs 2.4.0 Release Candidate # 02. > > > > About Flagon: http://flagon.apache.org/ > > > > This Minor release includes : > > * Refactors Map and Filter APIs as generalized callbacks for > > functionality > > * Updates packages and dependencies > > * Adds additional examples (callback functions) > > * Updates to update deprecated downstream dev dependencies > > * Changes to documentation, updated examples > > * New browser extension setting, password, for basic auth. > > * New log fields httpSessionId and browserSessionId > > * Callbacks for auth headers and custom headers. > > * Example json schema added. > > > > Git source tag (2.4.0-rc02): > > https://github.com/apache/flagon-useralejs/tree/2.4.0-rc02 > > > > Staging repo: https://dist.apache.org/repos/dist/dev/flagon/ > > > > Source Release Artifacts: > > > https://dist.apache.org/repos/dist/dev/flagon/apache-flagon-useralejs-2.4.0-RC-02/ > > > > PGP release keys (signed using {8/16 char sigID}): > > https://github.com/apache/flagon-useralejs/blob/master/KEYS > > > > Link to Successful Github Actions tests: > > https://github.com/apache/flagon-useralejs/actions/runs/8383064872 > > > > Vote will be open for 72 hours. Please VOTE as follows: > > > > [ ] +1, let's get it released!!! > > [ ] +/-0, fine, but consider to fix few issues before... > > [ ] -1, nope, because... (and please explain why) > > > > Along with your VOTE, please indicate testing and checks you've made > > against build artifacts, src, and documentation: > > > > [ ] Build and Unit Tests Pass > > [ ] Integration Tests Pass > > [ ] Signatures and Hashes Match Keys > > [ ] LICENSE, and NOTICE Files in Source and Binary Release Packages > > [ ] LICENSE, and NOTICE are consistent with ASF and Incubator Policy > > [ ] CHANGELOG included with release distribution > > [ ] All Source Files Have Correct ASF Headers > > [ ] No Binary Files in Source Release Packages > > > > Thank you to everyone that is able to VOTE as well as everyone that > > contributed to Apache Flagon 2.4.0. > > > > Best, > > Evan Jones > > >