+1 (non-binding)
Chris
[OK] Download all staged artifacts under the url specified in the release vote
email into a directory we’ll now call download-dir.
[MINOR] Verify the signature is correct: Additional Apache tutorial on how to
verify downloads can be found here.
[OK] Check if the signature references an Apache email address.
[MINOR] Verify the SHA512 hashes:
[OK] Unzip the archive
[OK] Verify the existence of LICENSE, NOTICE, README files in the extracted
source bundle.
[MINOR] Verify the content of LICENSE, NOTICE, README files in the extracted
source bundle.
[MINOR] Run RAT externally to ensure there are no surprises.
[MINOR] Search for SNAPSHOT references
[OK] Search for Copyright references, and if they are in headers, make sure
these files containing them are mentioned in the LICENSE file.
[OK] Build the project according to the information in the README.md file.
Remarks:
- The signature is correct, but no secure trust chain could be established
(Possibly worth attending a Key-Signing-Party as soon as they are happening
again)
- There are no SHA512 hashes, I validated against the SHA1 hashes instead
- Two CERN files weren't listed in the LICENSE (KeyTypeValueTypeProcedure ,
ValueTypeComparator)
- One CERN file still has a double CERN/Apache Header (NegativeBinomial)
- The community modules all contain SNAPSHOT references as they weren't enabled
in the release
- The distribution references SNAPSHOT versions of community modules (However
not in an always-on profile)
Am 11.09.20, 19:18 schrieb "Andrew Musselman" <andrew.mussel...@gmail.com>:
My bad, RC7 out now!
Binaries:
https://repository.apache.org/content/repositories/orgapachemahout-1066/org/apache/mahout/apache-mahout-distribution/14.1/
Source:
https://repository.apache.org/content/repositories/orgapachemahout-1066/org/apache/mahout/mahout/14.1/
On Fri, Sep 11, 2020 at 1:04 AM Christofer Dutz <christofer.d...@c-ware.de>
wrote:
> Hi,
>
> Sad to see you didn't merge my changes in "issue/MAHOUT-2117" back to
> master before cutting the next RC :-(
>
> So I'm not going to vote this time as the result would be the same as last
> time ...
>
> Chris
>
>
> Am 11.09.20, 03:17 schrieb "Trevor Grant" <trevor.d.gr...@gmail.com>:
>
> Thank you so much for getting this out Andrew.
>
> I verified all checksums/sigs.
>
> I successfully built the source including all tests. (I did this in
the
> public docker container rawkintrevo/mahout-builder-base)
>
> I also tested the binaries in the public docker container
> rawkintrevo/mahoutgui , but bashing into the running container,
> unpacking
> both the binary archives, and then aiming and running the mahout
> example
> notebook in turn against each of the unpacked binaries from each of
the
> archives. I did this in place of spark-shell, as I think it's a more
> elegant solution going forward, but would encourage others to test
> against
> mahout spark-shell.
>
> So given all of that, I give an enthusiastic +1
>
> On Thu, Sep 10, 2020 at 3:37 PM Andrew Musselman <a...@apache.org>
> wrote:
>
> > Binaries:
> >
> >
>
https://repository.apache.org/content/repositories/orgapachemahout-1065/org/apache/mahout/apache-mahout-distribution/14.1/
> >
> > Source:
> >
> >
>
https://repository.apache.org/content/repositories/orgapachemahout-1065/org/apache/mahout/mahout/14.1/
> >
> > Please check checksums and signatures, run the shell, do some
> computation,
> > run your favorite jobs, and let us know how it looks.
> >
> > Thanks!
> >
> > Best
> > Andrew
> >
>
>
