+1, * Built from source * Successful native build on Ubuntu 18.04 * Verified Checksums (CHANGELOG.md,RELEASENOTES.md,hadoop-3.3.3-rat.txt,hadoop-3.3.3-site.tar.gz,hadoop-3.3.3-src.tar.gz,hadoop-3.3.3.tar.gz) * Successful RAT check * Ran some basic HDFS shell commands * Ran some basic YARN shell commands * Browsed through UI (NN ,DN, RM, NM & JHS) * Tried some commands on Hive using Hive built on hive-master * Verified Signature: Says Good Signature but "This key is not certified with a trusted signature!" * Ran some MR example jobs(TeraGen, TeraSort, TeraValidate, WordCount, WordMean & Pi) * Version & commit hash seems correct in UI as well as in hadoop version output. * Browsed through the ChangeLog & Release Notes (One place mentions hadoop 3.4.0 though, but we can survive I suppose) * Browsed through the documentation.
Thanx Steve for driving the release, Good Luck!!! -Ayush On Tue, 3 May 2022 at 16:54, Steve Loughran <ste...@cloudera.com.invalid> wrote: > I have put together a release candidate (rc0) for Hadoop 3.3.3 > > The RC is available at: > https://dist.apache.org/repos/dist/dev/hadoop/3.3.3-RC0/ > > The git tag is release-3.3.3-RC0, commit d37586cbda3 > > The maven artifacts are staged at > https://repository.apache.org/content/repositories/orgapachehadoop-1348/ > > You can find my public key at: > https://dist.apache.org/repos/dist/release/hadoop/common/KEYS > > Change log > https://dist.apache.org/repos/dist/dev/hadoop/3.3.3-RC0/CHANGELOG.md > > Release notes > https://dist.apache.org/repos/dist/dev/hadoop/3.3.3-RC0/RELEASENOTES.md > > There's a very small number of changes, primarily critical code/packaging > issues and security fixes. > > > - The critical fixes which shipped in the 3.2.3 release. > - CVEs in our code and dependencies > - Shaded client packaging issues. > - A switch from log4j to reload4j > > > reload4j is an active fork of the log4j 1.17 library with the classes which > contain CVEs removed. Even though hadoop never used those classes, they > regularly raised alerts on security scans and concen from users. Switching > to the forked project allows us to ship a secure logging framework. It will > complicate the builds of downstream maven/ivy/gradle projects which exclude > our log4j artifacts, as they need to cut the new dependency instead/as > well. > > See the release notes for details. > > This is my first release through the new docker build process, do please > validate artifact signing &c to make sure it is good. I'll be trying builds > of downstream projects. > > We know there are some outstanding issues with at least one library we are > shipping (okhttp), but I don't want to hold this release up for it. If the > docker based release process works smoothly enough we can do a followup > security release in a few weeks. > > Please try the release and vote. The vote will run for 5 days. > > -Steve >