+1 I tested a build with JDK 11 and Maven 3.9.1 and all the unit tests pass. I did not check ITs. I did see that there was a problem with an out-of-date impsort plugin, but I skipped that, since it's not important, with -Dimport.skip
I also checked checksums and signatures, and verified that jars have corresponding source and javadoc jars. I also checked that all the jars contained expected content (in their appropriate org.apache.fluo package) and that the source tarball matches the contents of the git commit that will be tagged. The artifacts were signed with the key matching the fingerprint CF72CA07C8BC86A1C862765F9AACFB56352ACF76 (there are two listed in the original post... that's probably user error, since the build script will list all the ones it finds, and depend on the release manager to strip out the non-relevant ones. My best guess is the other one is probably a subkey fingerprint, which is usually the case.) On Sat, Apr 15, 2023 at 9:05 PM Drew Farris <d...@apache.org> wrote: > > +1 - I successfully built and ran tests, pulled artifacts from the staging > repo and verified hashes > > > > > > > On Thu, Apr 13, 2023 at 4:46 PM Christopher <ctubb...@apache.org> wrote: > > > Haven't yet finished my testing of this RC. Plan to do it soon. But, I > > just wanted to mention to Bill that his koverse email went to > > moderation. I happened to see it mixed in with 18 spam messages (I > > asked INFRA for help with that at > > https://issues.apache.org/jira/browse/INFRA-24463). I approved the > > email in the dashboard, so I don't think it will require moderation > > again for this list... but if you send an email from that address > > instead of your apache.org one to the private list and don't get a > > response, that might be the reason. You should have access to > > self-moderate at webmod.apache.org to get yours through, though, if > > that does happen. > > > > On Thu, Apr 13, 2023 at 3:37 PM Bill Slacum <billsla...@koverse.com> > > wrote: > > > > > > +1 Tested this out with our stack. We’ve been running the SNAPSHOT for a > > couple years (!!), and added in authorizations back in October. Feels > > stable for us! > > > > > > On 2023/04/13 01:31:39 Keith Turner wrote: > > > > +1 > > > > > > > > I successfully ran a quick test with stresso and verified all of the > > > > signatures and hashes. > > > > > > > > On Mon, Apr 10, 2023 at 11:01 PM Keith Turner <kt...@apache.org> > > wrote: > > > > > > > > > > Fluo Developers, > > > > > > > > > > Please consider the following candidate for Apache Fluo 2.0.0. It > > has > > > > > been a long time since the last release and there are lots of good > > > > > unreleased changes. > > > > > > > > > > Git Commit: > > > > > 47629488efacf2c223c8a6c32355fb443ed5bab1 > > > > > Branch: > > > > > https://github.com/apache/fluo/tree/2.0.0-rc1 > > > > > > > > > > If this vote passes, a gpg-signed tag will be created using: > > > > > git tag -f -m 'Apache Fluo 2.0.0' -s rel/fluo-2.0.0 \ > > > > > 47629488efacf2c223c8a6c32355fb443ed5bab1 > > > > > > > > > > Staging repo: > > https://repository.apache.org/content/repositories/orgapachefluo-1026 > > > > > Source (official release artifact): > > > > > > > https://repository.apache.org/content/repositories/orgapachefluo-1026/org/apache/fluo/fluo/2.0.0/fluo-2.0.0-source-release.tar.gz > > > > > Binary: > > https://repository.apache.org/content/repositories/orgapachefluo-1026/org/apache/fluo/fluo/2.0.0/fluo-2.0.0-bin.tar.gz > > > > > (Append ".sha1", ".md5", or ".asc" to download the signature/hash for > > > > > a given artifact.) > > > > > > > > > > In addition to the tarballs, and their signatures, the following > > checksum > > > > > files will be added to the dist/release SVN area after release: > > > > > fluo-2.0.0-source-release.tar.gz.sha512 will contain: > > > > > SHA512 (fluo-2.0.0-source-release.tar.gz) = > > > > > > > 619de32afad06f16663066de8cb7303d96cba2ef68f9d27f48f15d7c01f92456e5f0da04dec5a0a0398ce7896811467fd53aa8f5bb13da5bfeb79854458bf4a0 > > > > > fluo-2.0.0-bin.tar.gz.sha512 will contain: > > > > > SHA512 (fluo-2.0.0-bin.tar.gz) = > > > > > > > 79c4706ca18cbbbf2883f7371a36529de8182be7afd5f3cbf70c4bd9d6c577d63db90d1f17cfdb5a3108dbe25b5bc5423a5936f1505d6b1dba7ff96a0fbcaf7e > > > > > > > > > > Signing keys are available at https://www.apache.org/dist/fluo/KEYS > > > > > (Expected fingerprint: CF72CA07C8BC86A1C862765F9AACFB56352ACF76 > > > > > 1D51C0411ADD96BCE3B13DC78F10B6F6F299A8F3) > > > > > > > > > > Work has not started on the release notes yet. For an overview of > > > > > changes since the last release see > > > > > https://github.com/apache/fluo/milestone/8?closed=1 > > > > > > > > > > Release testing instructions: > > > > > https://fluo.apache.org/release-process/#test-a-fluo-release > > > > > > > > > > Please vote one of: > > > > > [ ] +1 - I have verified and accept... > > > > > [ ] +0 - I have reservations, but not strong enough to vote > > against... > > > > > [ ] -1 - Because..., I do not accept... > > > > > ... these artifacts as the 2.0.0 release of Apache Fluo. > > > > > > > > > > This vote will remain open until at least Fri Apr 14 03:00:00 UTC > > 2023. > > > > > (Thu Apr 13 23:00:00 EDT 2023 / Thu Apr 13 20:00:00 PDT 2023) > > > > > Voting can continue after this deadline until the release manager > > > > > sends an email ending the vote. > > > > > > > > > > Thanks! > > > > > > > > > > P.S. Hint: download the whole staging repo with > > > > > wget -erobots=off -r -l inf -np -nH \ > > > > > > > https://repository.apache.org/content/repositories/orgapachefluo-1026/ > > > > > # note the trailing slash is needed > > > > > >
