-1 from me My 2 biggest concerns are: * INSTALL.sh [1] requires sudo - I'm not sure that it does to be honest - but I will not run an install on my laptop that requires sudo for security reasons. It also uses curl commands to install Bazel. I would prefer if you provided a buold script that does not use sudo and that assumes the user has Bazel installed. You can provide a link in your docs about how to install Bazel. * I know you are using a DISCLAIMER-WIP file which allows you not to have finalised the 3rd party info in your LICENSE [2] file but there are factual inaccuracies in the file are far as I can see. It is one thing to have omissions but I think false claims are a big problem. Some of these false claims are listed in the DISCLAIMER-WIP [3]. I don't even know why you include license info in the DISCLAIMER-WIP (you do need to state that users need to check the licensing of the 3rd party code because you have not completed this work). Under public domain you include:
* protobuf-3.10.0 (https://github.com/protocolbuffers/protobuf) Protobuf is not public domain. I think many of the other items you listed are not public domain either. I'm not sure why you are even listing this stuff in your LICENSE. The LICENSE is for the source code that is in the source release. If you link to binaries that are pulled in the install, that is not something that does not affect the LICENSE. Many projects provide a separate LICENSE-BINARY file but this is not strictly necessary unless you are providing a binary release as well as a source release. I'm also concerned about the health of the ResilientDB PPMC. PPMC members need to be more involved in checking the release candidates. You shouldn't be relying on Incubator PMC members to do the checks - we are just a final check but we assume that the PPMC members have been actively involved in checking the release candidates first. I also noted a number of issues in the Vote email. The preference for the KEYS file is to link this file https://downloads.apache.org/incubator/resilientdb/KEYS Which is a CDN equivalent of https://dist.apache.org/repos/dist/release/incubator/resilientdb/KEYS The vote email should include the Git commit ID. The Git tag is useful too but Git tags can be moved. The commit ID appears to be 1b5b5e39884f72345f682209add8ab3dc491bb7e Your link to the docs to compile the code is broken This works: https://github.com/apache/incubator-resilientdb?tab=readme-ov-file#build-and-deploy-resilientdb [1] https://github.com/apache/incubator-resilientdb/blob/master/INSTALL.sh [2] https://github.com/apache/incubator-resilientdb/blob/master/LICENSE [3] https://github.com/apache/incubator-resilientdb/blob/master/DISCLAIMER-WIP On 2024/06/22 03:31:30 Junchao Chen wrote: > Hello, > > This is a call for vote to release Apache ResilientDB(Incubating) version > 1.10.0-RC2. > > The release candidates: > https://dist.apache.org/repos/dist/dev/incubator/resilientdb/1.10.0-rc2/ > > Release notes: > https://github.com/apache/incubator-resilientdb/blob/master/CHANGELOG.md#resielientdb-v1100-2024-4-16 > > Git tag for the release: > https://github.com/apache/incubator-resilientdb/tree/v1.10.0-rc02 > > Keys to verify the Release Candidate: > https://dist.apache.org/repos/dist/dev//incubator/resilientdb/KEYS > > The vote will be open for at least 72 hours or until the necessary number > of votes are reached. > > Please vote accordingly: > [ ] +1 approve > [ ] +0 no opinion > [ ] -1 disapprove with the reason > > Checklist for reference: > > [ ] Download links are valid. > [ ] Checksums and PGP signatures are valid. > [ ] Source code distributions have correct names matching the current > release. > [ ] LICENSE and NOTICE files are correct for each repo. > [ ] All files have license headers if necessary. > [ ] No unlicensed compiled archives bundled in the source archive. > > To compile from the source, please refer to: > https://github.com/apache/incubator-resilientdb/tree/1.10.0-rc02?tab=readme-ov-file#build-and-deploy-resilientdb > <https://github.com/apache/incubator-resilientdb/tree/v1.10.0-rc01?tab=readme-ov-file#build-and-deploy-resilientdb> > > > Thanks, > Junchao >
