+1 Le ven. 9 juil. 2021 à 09:22, Robert Munteanu <romb...@apache.org> a écrit :
> I've been reading the ASF release policy at > > https://www.apache.org/legal/release-policy.html > > , and this snippet drew my attention: > > > A release isn't 'released' until the contents are in the project's > distribution directory, which is a subdirectory of > downloads.apache.org. In addition to the distribution directory, > project that use Maven or a related build tool sometimes place their > releases on repository.apache.org beside some convenience binaries. The > distribution directory is required, while the repository system is an > optional convenience. > > which leads me to believe that we did not actually 'release' the > bundle, but are right now in an inconsistent state, with a convenience > channel being used before the actual vote being released. > > My suggestion would be to continue the voting process in a manual way > and reach out to infra/ASF board ( as per [2] ) only if the release > vote fails. > > For that, I would ask you (Cris) to re-upload the same artifacts to > > https://dist.apache.org/repos/dist/dev/sling/ > > ( svn co https://dist.apache.org/repos/dist/dev/sling/ ) > > and we will resume voting based on those. We may need to patch the > scripts or run the checks manually, but it's a one-time occurence and > should not be such a big deal. > > I prefer uploading to dist/dev and validating the artifacts from there > since it's more in line with the ASF release policy and minimises the > risk of this release being called out as out of policy. > > Would that work for you? > > Thanks, > Robert > > > [2]: https://www.apache.org/legal/release-policy.html#administration > > On Thu, 2021-07-08 at 14:30 -0400, Cris Rockwell wrote: > > It’s not much to tweak the script to check a promoted artifact vs a > > staged artifact. The script below does it. > > > > $ ./check_promoted_release.sh org.apache.sling.auth.saml2/0.2.6/ . > > > > > > > > #!/bin/sh > > > > #check_promoted_release.sh > > STAGING=${1} > > DOWNLOAD=${2:-/tmp/sling-staging} > > mkdir ${DOWNLOAD} 2>/dev/null > > > > if [ -z "${STAGING}" -o ! -d "${DOWNLOAD}" ] > > then > > echo "Usage: check_promoted_release.sh <artifactID/version> [temp- > > directory]" > > exit > > fi > > > > if [ ! -e "${DOWNLOAD}/${STAGING}" ] > > then > > echo > > "###################################################################### > > ##########" > > echo " DOWNLOAD PROMOTED > > REPOSITORY " > > echo > > "###################################################################### > > ##########" > > > > wget -e "robots=off" --wait 1 -nv -r -np "-- > > reject=html,index.html.tmp,../" "--follow-tags=" \ > > -P "${DOWNLOAD}/${STAGING}" -nH "--cut-dirs=6" \ > > > > " > https://repository.apache.org/content/groups/public/org/apache/sling/${STAGING} > > " > > > > else > > echo > > "###################################################################### > > ##########" > > echo " USING EXISTING STAGED > > REPOSITORY " > > echo > > "###################################################################### > > ##########" > > echo "${DOWNLOAD}/${STAGING}" > > fi > > > > echo > > "###################################################################### > > ##########" > > echo " CHECK SIGNATURES AND > > DIGESTS " > > echo > > "###################################################################### > > ##########" > > > > for i in `find "${DOWNLOAD}/${STAGING}" -type f | grep -v > > '\.\(asc\|sha1\|md5\)$'` > > do > > f=`echo $i | sed 's/\.asc$//'` > > echo "$f" > > gpg --verify $f.asc 2>/dev/null > > if [ "$?" = "0" ]; then CHKSUM="GOOD"; else CHKSUM="BAD!!!!!!!!"; fi > > if [ ! -f "$f.asc" ]; then CHKSUM="----"; fi > > echo "gpg: ${CHKSUM}" > > > > for tp in md5 sha1 > > do > > if [ ! -f "$f.$tp" ] > > then > > CHKSUM="----" > > else > > A="`cat $f.$tp 2>/dev/null`" > > B="`openssl $tp < $f 2>/dev/null | sed 's/.*= *//' `" > > if [ "$A" = "$B" ]; then CHKSUM="GOOD (`cat $f.$tp`)"; else > > CHKSUM="BAD!! : $A not equal to $B"; fi > > fi > > echo "$tp : ${CHKSUM}" > > done > > > > done > > > > if [ -z "${CHKSUM}" ]; then echo "WARNING: no files found!"; fi > > > > echo > > "###################################################################### > > ##########" > > > > > > ####################################################################### > > ######### > > CHECK SIGNATURES AND DIGESTS > > ####################################################################### > > ######### > > ./org.apache.sling.auth.saml2/0.2.6//org.apache.sling.auth.saml2/0.2.6/ > > org.apache.sling.auth.saml2-0.2.6-source-release.zip > > gpg: GOOD > > md5 : GOOD (39c1e148b0919387a5732628ba604d21) > > sha1 : GOOD (cea7d34a4b78dd651b8fd26ef9464ac3bacc5f6f) > > ./org.apache.sling.auth.saml2/0.2.6//org.apache.sling.auth.saml2/0.2.6/ > > org.apache.sling.auth.saml2-0.2.6.pom > > gpg: GOOD > > md5 : GOOD (4ac6eb0eb5e4fcd0372a211a1974dc0c) > > sha1 : GOOD (531a963abf49b8db1b8e2584139b793a9bc28bb2) > > ./org.apache.sling.auth.saml2/0.2.6//org.apache.sling.auth.saml2/0.2.6/ > > org.apache.sling.auth.saml2-0.2.6-javadoc.jar > > gpg: GOOD > > md5 : GOOD (e848893428b5deb1246f768d8657e27c) > > sha1 : GOOD (85e79ac6ae98a929a1f3aa58f93959acd33a2a2d) > > ./org.apache.sling.auth.saml2/0.2.6//org.apache.sling.auth.saml2/0.2.6/ > > org.apache.sling.auth.saml2-0.2.6-sources.jar > > gpg: GOOD > > md5 : GOOD (69fea4b472d2b4ec0dcc1987087c6702) > > sha1 : GOOD (9bbfd0071d81ead55fa2a5b920d74ec1934e666c) > > ./org.apache.sling.auth.saml2/0.2.6//org.apache.sling.auth.saml2/0.2.6/ > > org.apache.sling.auth.saml2-0.2.6.jar > > gpg: GOOD > > md5 : GOOD (94c54bf5b7d244f60da1837d5b0351b2) > > sha1 : GOOD (00a784f65d23a18d7eed094dddedc863e235bf9d) > > ####################################################################### > > ######### > > ➜ release ./check_promoted_release.sh > > org.apache.sling.auth.saml2/0.2.6/ . > > > > > > > > > > > > > On Jul 8, 2021, at 10:54 AM, Robert Munteanu <romb...@apache.org> > > > wrote: > > > > > > There are two question here: > > > > > > 1. Practical - what do we vote on? The staging repository is gone. > > > 2. Procedural - is this the right thing to do? > > > > > > For 1. I guess we could ask you to restore it, maybe stage the exact > > > same artifacts again and resume the vote? Not a new vote thread, > > > simply > > > reply to the same thread with a new staging repository. > > > > > > But we should not conclude the vote until we are sure of 2. > > > > > > Thanks, > > > Robert > > > > > > On Thu, 2021-07-08 at 08:13 -0400, Cris Rockwell wrote: > > > > How about pmc members actually cast your votes on this release now? > > > > If there are enough+1 then it's fine. If somebody is actually > > > > trying > > > > to > > > > drag this out intentionally, thats not cool. > > > > > > > > On Thu, Jul 8, 2021, 6:22 AM Robert Munteanu <romb...@apache.org> > > > > wrote: > > > > > > > > > Hi, > > > > > > > > > > The staging repository in question was under vote, no votes cast > > > > > ( > > > > > I > > > > > was preparing my +1 ) and was accidentally promoted. > > > > > > > > > > That means that the artifacts are on Maven Central without a > > > > > formal > > > > > vote from the PMC. > > > > > > > > > > What options do we have from here? Does anyone know of a similar > > > > > situation? If not, we can wait for an answer on the infra issue > > > > > [1]. > > > > > > > > > > Thanks, > > > > > Robert > > > > > > > > > > [1]: https://issues.apache.org/jira/browse/INFRA-22090 > > > > > > > > > > On Thu, 2021-07-08 at 12:16 +0200, Nicolas Peltier wrote: > > > > > > Ok, looks like it's over now to move it back, so either we > > > > > > retroactively > > > > > > vote for that artifact, either we redo a release :( > > > > > > sorry for that mess :( > > > > > > > > > > > > Le jeu. 8 juil. 2021 à 11:50, Nicolas Peltier > > > > > > <npelt...@apache.org> a > > > > > > écrit : > > > > > > > > > > > > > sorry Chris i mistakenly released the staging repository, and > > > > > > > now am > > > > > > > struggling to undo this, it's very likely we have to delete > > > > > > > it > > > > > > > all > > > > > > > together > > > > > > > :( > > > > > > > https://issues.apache.org/jira/browse/INFRA-22090 > > > > > > > > > > > > > > Le ven. 2 juil. 2021 à 17:41, Cris Rockwell > > > > > > > <cmroc...@umich.edu> a > > > > > > > écrit : > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > > We solved 3 Jira issues in this initial release: > > > > > > > > > https://issues.apache.org/jira/projects/SLING/versions/12350210 > > > > > > > > < > > > > > > > > > https://issues.apache.org/jira/projects/SLING/versions/12350210 > > > > > > > > > > > > > > > > > > > > > > > > > Staging repository: > > > > > > > > > > > > > > https://repository.apache.org/content/repositories/orgapachesling-2490/ > > > > > > > > > > > > > > > > You can use this UNIX script to download the release and > > > > > > > > verify the > > > > > > > > signatures: > > > > > > > > > > > > > > > > > > > > > > https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD > > > > > > > > < > > > > > > > > > > > > > > https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD > > > > > > > > > > > > > > > > > > > > > > > > > Usage: > > > > > > > > sh check_staged_release.sh 2490 /tmp/sling-staging > > > > > > > > > > > > > > > > Please vote to approve this release: > > > > > > > > > > > > > > > > [ ] +1 Approve the release > > > > > > > > [ ] 0 Don't care > > > > > > > > [ ] -1 Don't release, because ... > > > > > > > > > > > > > > > > This majority vote is open for at least 72 hours. > > > > > > > > > > > > > > > > Regards, > > > > > > > > Cris > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
