The source distro builds (mvn clean install) for me on Mac OS X 10.10.5 using
Java 1.8.0_40 and Maven 3.3.9. Lots of Javadoc warnings (especially those weird
ones about @propertyGetter, @propertySetter and @propertyDescription) but they
are nothing new. Checksums verify for source distro. Andy's sig looks good,
except...
/tmp gpg --fingerprint 9CC7ECFE
pub 4096R/9CC7ECFE 2014-06-16 [revoked: 2016-08-16]
Key fingerprint = F0BA C675 207A 38AB F863 DAEA 1FD1 063C 9CC7 ECFE
uid [ revoked] Andy Seaborne (Code signing key) <[email protected]>
It seems that Andy, you signed with "9CC7ECFE", and if I interpret
"http://pgpkeys.mit.edu/pks/lookup?search=Seaborne&op=vindex"; correctly (a big
"if") you revoked that key on 2016-08-16? Am I misreading that?
On a side note, I get:
ERROR: cannot verify dist.apache.org's certificate, issued by `/C=US/O=Symantec
Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA -
G4':
Unable to locally verify the issuer's authority.
from dist.apache.org and I had to go with wget's --no-check-certificate. Should
I raise a ticket with infrastructure about that?
---
A. Soroka
The University of Virginia Library
> On Nov 2, 2016, at 5:39 PM, Andy Seaborne <[email protected]> wrote:
>
> Hi,
>
> Here is a vote on a release of Jena 3.1.1
> (with Fuseki 2.4.1 and Fuseki 1.4.1).
>
> This is the first proposed candidate for this release.
>
> * Dependency changes:
>
> New module:
> jena-fuseki2/jena-fuseki-embedded
>
> Updates:
> com.github.jsonld-java:jsonld-java 0.7.0 -> 0.8.3
>
> org.apache.httpcomponents:httpClient 4.2.6 -> 4.5.2
> org.apache.httpcomponents:httpCache 4.2.6 -> 4.5.2
> org.apache.httpcomponents:httpCore 4.2.5 -> 4.4.4
>
> com.jayway.awaitility:awaitility 1.6.4 -> 1.7.0
> com.spatial4j:spatial4j 0.4.1 -> 0.5
> org.slf4j:* 1.7.20 -> 1.7.21
> commons-codec:commons-codec 1.9 -> 1.10
> org.apache.commons:commons-collections4 4.0 -> 4.1
> org.apache.commons:commons-csv 1.0 -> 1.3
> org.apache.commons:commons-lang3 3.3.2 -> 3.4
> org.apache.thrift:libthrift 0.9.2 -> 0.9.3
> org.apache.mrunit:mrunit 1.0.0 -> 1.1.0
> com.github.rvesse:airline 2.1.0 -> 2.1.1
>
>
> Key features of the release:
>
> * Completed F&O XPath3 functions
> JENA-508 - Alessandro Seganti
>
> * ComplexPhraseQueryParser
> JENA-1180 - Andrew Dolby
>
> * Additional vocabularies (DCAT, VoID, ROV, ORG)
> JENA-1206 - Bart Hanssens
>
> * Improvement to the Fuseki service script for RHEL/Centos 6.
> JENA-1219 - Dan Pritts
>
> * ORDER BY now cancelable.
>
> * Txn : a highlevel API for working with transactions
> http://jena.staging.apache.org/documentation/txn/txn.html
>
> * Embedded Fuseki
> http://jena.staging.apache.org/documentation/fuseki2/fuseki-embedded.html
>
> * Property path speed ups (JENA-1195)
>
> * Upgrade to Apache HttpClient v4.3 API
> => auth changes cause API changes.
>
>
> Everyone, not just committers, is invited to test and vote.
>
> Staging repository:
> https://repository.apache.org/content/repositories/orgapachejena-1014/
>
> Proposed dist/ area:
> https://dist.apache.org/repos/dist/dev/jena/
>
> Keys:
> https://svn.apache.org/repos/asf/jena/dist/KEYS
>
> Git commit (browser URL):
> https://git-wip-us.apache.org/repos/asf/jena/commit/9be9e53f40
>
> Git Commit Hash:
> 9be9e53f40eb3b043f72332db2d49d89e9f3d4ba
>
> Git Commit Tag:
> jena-3.1.1-rc1
>
> Please vote to approve this release:
>
> [ ] +1 Approve the release
> [ ] 0 Don't care
> [ ] -1 Don't release, because ...
>
> This vote will be open to at least
>
> Saturday, 5 Nov 2016, 23:59 UTC
>
> If you expect to check the release but the 72 hour limit does not work
> for you, please email within the schedule above with an expected time
> and we can extend the vote period.
>
> Thanks,
>
> Andy
>
> Checking needed:
>
> + does everything work on Linux?
> + does everything work on MS Windows?
> + does everything work on OS X?
> + are the GPG signatures fine?
> + are the checksums correct?
> + is there a source archive?
> + can the source archive really be built?
> + is there a correct LICENSE and NOTICE file in each artifact
> (both source and binary artifacts)?
> + does the NOTICE file contain all necessary attributions?
> + have any licenses of dependencies changed due to upgrades?
> if so have LICENSE and NOTICE been upgraded appropriately?
> + does the tag/commit in the SCM contain reproducible sources?
