Thanks for pointing out YETUS-236. I had missed that. (The binary tarball doesn't need to mention stuff that isn't really included there.)
With that, I retract my -1 and instead: +1 (binding) - Verified signatures and checksums for all distribution artifacts. - Reviewed LICENSE and NOTICE. - Confirmed NOTICE has been updated to 2016. - Quick scan of RELEASENOTES.md looks right. - Built successfully from source. - Manually tested pre-commit on Hadoop. --Chris Nauroth On 3/4/16, 11:03 AM, "Allen Wittenauer" <[email protected]> wrote: > >The LICENSE and NOTICE files are intentionally different between the >source and binary tar balls as a result of YETUS-236. > >> On Mar 4, 2016, at 10:50 AM, Chris Nauroth <[email protected]> >>wrote: >> >> Sorry, but -1 (binding). >> >> The LICENSE file is different in the source tarball vs. the binary >> tarball. In the binary tarball, LICENSE is missing the additional >> licenses at the bottom after the Apache license. I looked back on RC1, >> and it had the same problem, but I failed to catch it during the RC1 >>vote. >> I looked back on the Yetus 0.1.0 release, and in there, the source and >> binary tarballs have an identical LICENSE file. That likely indicates >> something changed in the build and release process after 0.1.0 to cause >> this. >> >> Actually, I just checked NOTICE, and that has a similar problem too. >> >> --Chris Nauroth >> >> >> >> >> On 3/3/16, 5:02 PM, "Allen Wittenauer" >><[email protected]> >> wrote: >> >>> Artifacts are available: >>> >>> https://dist.apache.org/repos/dist/dev/yetus/0.2.0-RC2/ >>> >>> As of this vote the relevant md5 hashes are: >>> >>> MD5 (CHANGES.md) = 268289c713c76238a6e385297ebdb8b6 >>> MD5 (RELEASENOTES.md) = 777ed0c88a711c8e887061dbaa64e59b >>> MD5 (yetus-0.2.0-bin.tar.gz) = 9105ffbfb0cae689fc9ede6d6b0dcf8d >>> MD5 (yetus-0.2.0-src.tar.gz) = 1b41e692df3b349c760f2ab3ae6d2888 >>> >>> Source repository commit: df5627009e28f4712f7626a948b02200fb5541b1 >>> >>> Our KEYS file is at: >>>https://dist.apache.org/repos/dist/release/yetus/KEYS >>> All artifacts are signed with my key (E846DF38) >>> >>> JIRA version: http://s.apache.org/yetus-0.2.0-jira >>> >>> Please take a few minutes to verify the release[1] and vote on >>>releasing >>> it: >>> >>> [ ] +1 Release this package as Apache Yetus 0.2.0 >>> [ ] +0 no opinion >>> [ ] -1 Do not release this package because... >>> >>> Vote will be subject to Majority Approval[2] and will close at 12:00PM >>> (noon) >>> UTC on Monday, March 7th, 2016[3]. >>> >>> [1]: http://www.apache.org/info/verification.html >>> [2]: https://www.apache.org/foundation/glossary.html#MajorityApproval >>> [3]: to find this in your local timezone see: >>> http://s.apache.org/yetus-0.2.0-rc2-close >> > >
