Hi Javen, Thanks for taking on this release. Hopefully I'll have time to try it against our big POI-using projects at work a bit later today.
Meanwhile, it would be good if we could strengthen your PGP key's ties to the web of trust - at the moment, you, Dominik and Andreas have signed each others' keys, but that graph doesn't link back to a larger web. I'm not going to vote against for a beta release on those grounds, but it would be a concern for a full release. I'll be at the ApacheCon Europe keysigning tomorrow night, so perhaps there will be someone there who is geographically local one of you three, so my signing their key will allow them to bridge the gap. Thanks, David On 13/11/16 12:06, Javen O'Neal wrote: > Hallo, > > I have prepared artifacts for the release of Apache POI 3.16-beta1 (RC1). > > Copied from the new summary section in the changelog [1], the most > notable changes in this release are: > > - Initial work on adding a Gradle build, the Ant based build is > currently still the official buildsystem, but there are plans to replace > this with Gradle in the future. > - Add support for password protected files with "Microsoft Enhanced > Cryptographic Provider v1.0" > - Improve support for reading VBA macros > - Examples to encrypt temp files in SXSSF > > https://dist.apache.org/repos/dist/dev/poi/3.16-beta1-RC1/ > > What to look for? > - verify the artifacts' md5 and sha1 hashes and asc signature. This is > my first POI release and my first release signed with 8BABDD6C, so you > may need to import it into your keystore. > This key is included in the following KEYS files [2], [3]. > It is also be found by searching on [4], [5], or most other PGP key servers. > Steps to verify this are at the end of this email. > - add, remove, or modify notable changes. I believe these notes are > separate from the artifacts, so the changes can be updated without > necessarily rolling a new release (though no big deal if this needs done). > - maybe run another common-crawl test > - check for unintentional API breaks > - verify enum-related (bug 59836 [6]) unintentional API breaks in 3.15 > are fixed in this 3.16 beta > > Please vote [7] to release the artifacts. Please vote 0 if everything > looks good but you did not have time to test the artifacts in a POI > powered application. > > The vote stays open for at least 72hrs, 2016-11-17, 23:59 UTC, staying > open until we have analyzed the results of common-crawl. > If no issues are discovered, the planned release announcement date is > Wednesday, 2016-11-23. > > Javen O'Neal > > Steps to verify the build artifacts: > wget https://dist.apache.org/repos/dist/dev/poi/KEYS; gpg --import KEYS > gpg --import KEYS > (alternatively, gpg --keyserver pgp.mit.edu --recv-key 8BABDD6C) > svn checkout https://dist.apache.org/repos/dist/dev/poi/3.16-beta1-RC1 > cd 3.16-beta1-RC1 > find . -name "*.md5" -type f -execdir md5sum -c {} \; > find . -name "*.sha1" -type f -execdir sha1sum -c {} \; > find . -name "*.asc" -exec gpg --no-secmem-warning --verify {} \; > > More detailed instructions can be found at > https://poi.apache.org/download.html#verify > > [1] https://poi.apache.org/changes.html > [2] https://dist.apache.org/repos/dist/dev/poi/KEYS > [3] https://svn.apache.org/repos/asf/poi/trunk/KEYS > [4] https://people.apache.org/keys/ > [5] https://pgp.mit.edu/ > [6] https://bz.apache.org/bugzilla/show_bug.cgi?id=59836 > [7] > https://www.apache.org/foundation/voting.html#expressing-votes-1-0-1-and-fractions > -- David North | www.dnorth.net --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
