Thank you all for your responses and assistance in resolving the issue.
Based on the discussion outcome, I will build RC2 with go 1.21.8 as soon as
possible and initiate the voting process.

Tingyao

Wilfred Spiegelenburg <wilfr...@apache.org> wrote on Wed, 6 Mar 2024 at 8:18 AM:

> Yes I think we need to spin a new RC: -1 for RC1
>
> Go 1.21.8 delivers a total of 5 CVE fixes, with another CVE in the
> protobuf code.
> We should fix the two memory leaks discovered. Both are simple and
> non-invasive fixes.
>
> We should remove the reproducible build details from the README until
> we figure out what is happening.
>
> Wilfred
>
> On Wed, 6 Mar 2024 at 10:15, Craig Condit <ccon...@apache.org> wrote:
> >
> > All of the below-mentioned issues have been resolved in branch-1.5.0 in preparation for a possible 1.5.0-rc2. Assuming we move forward with rc2, we should build with go 1.21.8 to ensure the latest fixes in the go standard library are included as well.
> >
> > Craig
> >
> >
> > > On Mar 5, 2024, at 3:12 PM, Craig Condit <ccon...@apache.org> wrote:
> > >
> > > -1 (binding).
> > >
> > > All,
> > >
> > > We have a few issues in rc1 that I believe we should address before shipping 1.5.0:
> > >
> > > CVEs:
> > >
> > > - CVE-2024-24783 (requires rebuild with go 1.21.8)
> > > - CVE-2023-45290 (requires rebuild with go 1.21.8)
> > > - CVE-2023-45289 (requires rebuild with go 1.21.8)
> > > - CVE-2024-24786 (requires updates to google.golang.org/protobuf and possibly github.com/golang/protobuf)
> > >
> > > Broken functionality:
> > >
> > > - Reproducible builds (unknown why this has failed, but we will need to remove the content from the README.md that claims reproducible status)
> > >
> > > Critical bugs (both memory leaks):
> > >
> > > - https://issues.apache.org/jira/browse/YUNIKORN-2465 - Remove Task objects from the shim upon pod completion (fix merged to master and to branch-1.5)
> > > - https://issues.apache.org/jira/browse/YUNIKORN-2467 - Remove AllocationAsk from the core when a pod is completed (PR available; needs review to determine if this is a 1.5 blocker).
> > >
> > > I think we should address each of these and cut an rc2. Thoughts?
> > >
> > > Craig Condit
> > >
> > >> On Mar 2, 2024, at 10:38 AM, TingYao <ting...@apache.org> wrote:
> > >>
> > >> Hello everyone,
> > >>
> > >> I would like to call a vote for releasing Apache YuniKorn 1.5.0 RC1.
> > >>
> > >> The release artefacts have been uploaded here:
> > >> https://dist.apache.org/repos/dist/dev/yunikorn/1.5.0-RC1
> > >>
> > >> My public key is located in the KEYS file:
> > >> https://downloads.apache.org//yunikorn/KEYS
> > >>
> > >> JIRA issues that have been resolved in this release:
> > >> https://issues.apache.org/jira/issues/?filter=12352958
> > >>
> > >> Git tags for each component are as follows:
> > >> yunikorn-scheduler-interface: v1.5.0-1
> > >> yunikorn-core: v1.5.0-2
> > >> yunikorn-k8shim: v1.5.0-2
> > >> yunikorn-web: v1.5.0-1
> > >> yunikorn-release: v1.5.0-2
> > >>
> > >> Once the release is voted on and approved, all repos will be tagged
> > >> 1.5.0 for consistency.
> > >>
> > >> Please review and vote. The vote will be open for at least 72 hours
> > >> and closes on Wednesday 5 March 2024, 17:00:00 UTC
> > >>
> > >> [ ] +1 Approve
> > >> [ ] +0 No opinion
> > >> [ ] -1 Disapprove (and the reason why)
> > >>
> > >> Thank you,
> > >> Tingyao
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@yunikorn.apache.org
> > For additional commands, e-mail: dev-h...@yunikorn.apache.org
> >
>
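
The rebuild requirement discussed in this thread can be checked on a built binary. The following is an added example, not part of the thread or of YuniKorn's release tooling: it reads the toolchain and module versions embedded in a Go binary and reports any that are older than a caller-supplied minimum. The names `rank` and `audit` and the `name=minVersion` argument form are assumptions, and minimum module versions must be taken from the relevant advisories since the thread does not state them.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"log"
	"os"
	"strings"
)

// rank encodes the numeric major.minor.patch prefix of "go1.21.8" or "v1.5.0" as one
// int (fields assumed < 100000). Suffixes are ignored; unparsable input ranks 0.
func rank(v string) int {
	var p [3]int
	v = strings.TrimPrefix(strings.TrimPrefix(v, "go"), "v")
	fmt.Sscanf(v, "%d.%d.%d", &p[0], &p[1], &p[2]) // a partial parse keeps what it read
	return (p[0]*100000+p[1])*100000 + p[2]
}

// audit returns one finding per "name=minVersion" entry that the build carries at an
// older version. have maps module path to version; the name "go" is the toolchain.
func audit(have map[string]string, mins []string) (out []string) {
	for _, m := range mins {
		name, want, _ := strings.Cut(m, "=")
		if got, ok := have[name]; ok && rank(got) < rank(want) {
			out = append(out, fmt.Sprintf("%s %s is older than %s", name, got, want))
		}
	}
	return out
}

func main() { // usage: verify <binary> name=minVersion ...
	if len(os.Args) < 3 {
		log.Fatal("usage: verify <binary> name=minVersion ...")
	}
	bi, err := buildinfo.ReadFile(os.Args[1])
	if err != nil {
		log.Fatal(err)
	}
	have := map[string]string{"go": bi.GoVersion}
	for _, d := range bi.Deps {
		have[d.Path] = d.Version
	}
	if f := audit(have, os.Args[2:]); len(f) > 0 {
		log.Fatal("FAIL\n" + strings.Join(f, "\n"))
	}
	fmt.Println("OK")
}
```

Run against each release binary with `go=go1.21.8` plus one `module=minVersion` pair per patched dependency; a module that is not linked into the binary produces no finding.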
