Hi Stian, thanks for the detailed spot-on review. (comments inline).
I have created an issue to track the point you have raised (https://github.com/apache/incubator-pulsar/issues/1337), we'll get to these before next release.

On Fri, Mar 2, 2018 at 2:00 AM Stian Soiland-Reyes <st...@apache.org> wrote:

> Oo, I'll better hurry up then! :)
> Normally the wording is "The vote is open for at least 72 hours" --
> you are OK to keep it open a bit longer if you need sufficient votes
> or have not tallied them yet.
>

Sure we'll update the email templates

> > Source and binary files:
> > https://dist.apache.org/repos/dist/dev/incubator/pulsar/
> > pulsar-1.22.0-incubating-candidate-3/
>
> Is it fourth or third release candidate? Use consistent numbering.
> Starting with "RC0" is a bit unusual..
>

Yes, we're indeed starting with RC0. We'll switch the instructions to start with RC1

> +0 src.tar.gz vs git tag (generate_protobuf.sh and
> generate_protobuf_docker.sh missing from dist - are they needed?)
>

These files are only needed to recreate protobuf generated files which are anyway included in the repo (not when just c

> +0 src NOTICE -- copyright should extend into 2017-2018
>

Thanks for catching, will fix

> +0 bin NOTICE -- are all of these copyrights really forwarded from their
> NOTICE?
>
> I did a spot check, and guava.jar does not have a NOTICE, so unless
> that was copied from a zip/tar that had such a NOTICE, then there
> would be nothing to propagate. On the other side netty.jar has a
> humongous NOTICE which somehow just becomes "Copyright 2014 The Netty
> Project" in your NOTICE -- this seems to violate their Apache license.
> Has this been discussed on legael?
>

This was discussed few times here when voting on past releases. Initially I had put the overall content of Netty NOTICE file but according to the discussion I have only left copyright notices.

Discussion for 1.19 Pulsar release:
https://lists.apache.org/thread.html/b2ebf0d5fc8f75f3bb09dc1c2da878da9c565043cae8fcc2bb20c519@%3Cgeneral.incubator.apache.org%3E

Discussion for 1.20 release:
https://lists.apache.org/thread.html/bcaa7b2547ec72d2457c9516ae4fee8bb27429be17a4e0db77b013df@%3Cgeneral.incubator.apache.org%3E

These discussions resulted in these 2 changes to the notice files:
 * https://github.com/apache/incubator-pulsar/pull/677
 * https://github.com/apache/incubator-pulsar/pull/926

Regarding Netty, I've done a spot check on several other ASF TLP projects and found no one including the full NOTICE file from Netty.

I can assure we have no intention to withdraw information from the NOTICE file :-), it's just that the definition of what should be included and what shouldn't is still not 100% crisp and clear to us.

> Your Git repository contains .gitignore.swp from vim which you
> probably want to delete.
>

Thanks for catching, will remove.

> Your checksum files are in an unusual style:
>
> C1 B8 C8 91 23 92 6A 56 82 F6 E9 F3 25 86 8B 58
>
> CA1B352F 9576C8CB F16258F8 DEABF8F6 E95A926F 665E2FD8 30A38532 8BC639C6
> 20FD34E6
> 6948396A CCD1A123 F072F93D 55D316EB EE34D208 9E0E9174 95AA09EE
>
> Normally the .md5 and .sha512 files contain the checksum only, in
> lowercase hex without spacing, e.g.
>
> c1b8c89123926a5682f6e9f325868b58
>
> ca1b352f9576c8cbf16258f8deabf8f6e95a926f665e2fd830a385328bc639c620fd34e66948396accd1a123f072f93d55d316ebee34d2089e0e917495aa09ee
>
> This makes it easier to check against tools like md5sum and shasum.
>
> You didn't include .sha1 checksums, but extra points for .sha512 :)
>

We have a script that we use to generate the checksums and it does:

    gpg --print-md SHA512 $FILE > $FILE.sha512

This was to avoid differences in tooling between macos and linux. We'll try to fix it to use the standard format.

> It is customary to include the checksums (at least md5) or the
> dist.apache.org svn revision in the [VOTE] email, to avoid any
> accidental last-minute-tampering confusion and to keep it in the
> mailing list archives.
>

Sure, we'll add that to instructions.

Thanks,
Matteo
--
Matteo Merli
<mme...@apache.org>
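
The checksum-format point in the message above, as an added example that is not part of the original thread or of the Pulsar release scripts: a verifier that accepts a .sha512 file in either the grouped uppercase `gpg --print-md` style or the bare lowercase style and compares it with the artifact. The function names are hypothetical, and the optional "name:" prefix handling assumes gpg prepends the file name when it is given a file argument.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Print the bare lowercase hex digest from a checksum file written either as
# gpg --print-md output (optional "name:" prefix, uppercase groups, wrapped
# lines) or as a plain digest-only file.
normalize_digest() {
    sed 's/^.*://' "$1" | tr -d ' \t\r\n' | tr 'A-F' 'a-f'
}

# SHA-512 of a file as lowercase hex, with sha512sum (Linux) or shasum (macOS).
compute_sha512() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | cut -d' ' -f1
    else
        shasum -a 512 "$1" | cut -d' ' -f1
    fi
}

# verify_sha512 ARTIFACT CHECKSUM_FILE
# Returns 0 on match, 1 on mismatch, 2 if the checksum file is not a
# well-formed SHA-512 digest (wrong length or non-hex characters).
verify_sha512() {
    want=$(normalize_digest "$2") || return 2
    case "$want" in
        ''|*[!0-9a-f]*) echo "malformed checksum file: $2" >&2; return 2 ;;
    esac
    if [ "${#want}" -ne 128 ]; then
        echo "not a SHA-512 digest: $2" >&2
        return 2
    fi
    got=$(compute_sha512 "$1") || return 2
    if [ "$got" = "$want" ]; then
        echo "OK: $1"
    else
        echo "MISMATCH: $1" >&2
        return 1
    fi
}

# Stand-alone use: ./verify.sh artifact.tar.gz artifact.tar.gz.sha512
if [ "$#" -eq 2 ]; then
    verify_sha512 "$1" "$2"
fi
```

The length check is what rejects a checksum file of the wrong algorithm (for example an MD5 digest saved under a .sha512 name) rather than reporting it as a mismatch.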