On Mon, Jun 25, 2018 at 11:27 PM Vincent S Hou <s...@us.ibm.com> wrote:
> ...This is to call for a vote for the release of Apache OpenWhisk > 0.9.0-incubating: main OpenWhisk module.... +1 for the release of openwhisk-0.9.0-incubating-sources.tar.gz with SHA512()= 26d19d92ef4b4cf14f42fc0d425faaeb914690fcafb3dce431ea36e215c5da60ce8aad68324fdbf8a9d6e703e077923795403b80927e31feff0a21cd26da7b49 Thank you Vincent and team, great work! Here's what I checked: -Signatures and digests match -LICENSE.txt NOTICE.txt DISCLAIMER.txt look good to me. -File header checks pass using the scancode tool from https://github.com/apache/incubator-openwhisk-utilities -build with /gradlew distDocker works (with a local Docker setup) -Filenames are ok -I don't see binary files in the release archive which is good, except for ./gradle/wrapper/gradle-wrapper.jar which I think is acceptable - but its digest should be kept track of, maybe in a jira ticket so people can validate it if they want. And I have a few comments that do not block the release but need to be taken care of eventually, IMO (some carried over from the previous canceled vote): 0) Could you move the files found under https://dist.apache.org/repos/dist/dev/incubator/openwhisk/apache-openwhisk-0.9.0-incubating-rc1/ that are not part of this release to a different subfolder? For clarity. 1) The .scala code files are in whisk.* packages, that should be org.apache.openwhisk.* for an Apache project. 2) There's an RSA private key in the source archive, if it's for testing purposes it should be clearly identified as such (ideally named test- something) to reassure people that it's not problematic to distribute it (./ansible/roles/nginx/files/openwhisk-server-key.pem). 3) The signature matches but the key is gpg: Signature made Mon Jun 25 23:11:21 2018 CEST using RSA key ID 22CC20CC gpg: Good signature from "OpenWhisk Release Bot (Release of OpenWhisk) <apacheopenwh...@gmail.com>" [unknown] Is that "release bot" key secure, and who owns it? 4) The ansible setup is apparently hardcoded with 172.17.0.1 as the Docker host and requires a fairly specific initial setup on the host, I got a few errors and gave up - not a blocker for the release, but there's probably room for improvement either in the setup or in specifying a clear starting point like a specific host version, or Docker image or Vagrant box. 7) INSTALL.md says "Stay under the directory of incubator-openwhisk" but I needed to "cd ansible" first. -Bertrand (OpenWhisk incubation mentor)
