[VOTE][RESULT] Release Apache Commons Parent 56 based on RC1
This LAZY VOTE passes with 2 binding +1s. Gary On Mon, Jan 2, 2023 at 3:40 PM Gary Gregory wrote: > > My +1 > > Gary > > On Fri, Dec 30, 2022 at 11:27 AM Gary Gregory wrote: > > > > We have added some enhancements since Apache Commons Parent 55 was > > released, so I would like to release Apache Commons Parent 56. > > > > Apache Commons Parent 56 RC1 is available for review here: > > https://dist.apache.org/repos/dist/dev/commons/commons-parent/56-RC1 > > (svn revision 59034) > > > > The Git tag commons-parent-56-RC1 commit for this RC is > > 5b9c51eb767743b4e8c6405813b7082926659b98 which you can browse here: > > > > https://gitbox.apache.org/repos/asf?p=commons-parent.git;a=commit;h=5b9c51eb767743b4e8c6405813b7082926659b98 > > You may checkout this tag using: > > git clone https://gitbox.apache.org/repos/asf/commons-parent.git > > --branch commons-parent-56-RC1 commons-parent-56-RC1 > > > > Maven artifacts are here: > > > > https://repository.apache.org/content/repositories/orgapachecommons-1614/org/apache/commons/commons-parent/56/ > > > > These are the artifacts and their hashes: > > > > #Release SHA-512s > > #Fri Dec 30 11:18:57 EST 2022 > > commons-parent-56-bom.json=fb85672b30edcc1dfba3ff5b45d2ab8d98616e428733d30494eb15870b61166ab9915b2fe5c26f0093699e78389ca6808f8a47fb89b8059c9725b131a5b6c2fa > > commons-parent-56-bom.xml=5ffe9849ba1b038bee2cdd0c440eb8872d2c1f7ca0f4262363544f61e57675f1e209c2f5eec06dc978e20b57853faaddaae16e58dbb9b111e3d78ac3c05d6770 > > commons-parent-56-site.xml=c6aea4f2c03920366bee23b08b046dacc09710e92c78ccd83f47cd92f89bc53abc3b8bbc7f44017ee94a2cb022ce763fe3f7d8c9aa42d571350269ba6568ca07 > > commons-parent-56-src.tar.gz=6c3831c0ca6cf22b610b0362093c4b1467571e2c1fc3c4398b7cdaa636375f289d4b52d62a2ef1a42e485b5241316b7599066c25464ac148db49c7a3339c6692 > > commons-parent-56-src.zip=a6af3b55474c568a3b48fb7e75adfa11b105b2e23c8a5f522d717a6434403cb3981c9b5867ae06177c4e15fa9b82a3de5295b5f4e7faa66c90ea1a23056e7896 > > org.apache.commons_commons-parent-56.spdx.json=032a54626a692686b574708ef33ac5c9f93a48e0a567abafcf73281142354acc7c129e03d10de2145288d84b6aa329896e1fcaa3ee34ac85d8c4e648d8ef09a1 > > > > I have tested this with 'mvn -V -Duser.name=$my_apache_id > > -Ddoclint=none -Prelease -Ptest-deploy clean package site deploy' > > using: > > > > Apache Maven 3.8.6 (84538c9988a25aec085021c365c560670ad80f63) > > Maven home: /usr/local/Cellar/maven/3.8.6/libexec > > Java version: 1.8.0_352, vendor: Homebrew, runtime: > > /usr/local/Cellar/openjdk@8/1.8.0+352/libexec/openjdk.jdk/Contents/Home/jre > > Default locale: en_US, platform encoding: UTF-8 > > OS name: "mac os x", version: "13.1", arch: "x86_64", family: "mac" > > > > Darwin 22.2.0 Darwin Kernel Version 22.2.0: Fri Nov 11 02:08:47 > > PST 2022; root:xnu-8792.61.2~4/RELEASE_X86_64 x86_64 > > > > Details of changes since 55 are in the release notes: > > > > https://dist.apache.org/repos/dist/dev/commons/commons-parent/56-RC1/RELEASE-NOTES.txt > > > > https://dist.apache.org/repos/dist/dev/commons/commons-parent/56-RC1/site/changes-report.html > > > > Site: > > > > https://dist.apache.org/repos/dist/dev/commons/commons-parent/56-RC1/site/index.html > > (note some *relative* links are broken and the 56 directories are > > not yet created - these will be OK once the site is deployed.) > > > > RAT Report: > > > > https://dist.apache.org/repos/dist/dev/commons/commons-parent/56-RC1/site/rat-report.html > > > > KEYS: > > https://downloads.apache.org/commons/KEYS > > > > Please review the release candidate and vote. > > This vote will close no sooner than 72 hours from now. > > > > [ ] +1 Release these artifacts > > [ ] +0 OK, but... > > [ ] -0 OK, but really should fix... > > [ ] -1 I oppose this release because... > > > > Thank you, > > > > garydgregory, > > Release Manager (using key DEADBEEF) > > > > For following is intended as a helper and refresher for reviewers. > > > > Validating a release candidate > > == > > > > These guidelines are NOT complete. > > > > Requirements: Git, Java, Maven. > > > > You can validate a release from a release candidate (RC) tag as follows. > > > > 1a) Clone and checkout the RC tag > > > > git clone https://gitbox.apache.org/repos/asf/commons-parent.git > > --branch commons-parent-56-RC1 commons-parent-56-RC1 > > cd commons-parent-56-RC1 > > > > 1b) Download and unpack the source archive from: > > > > https://dist.apache.org/repos/dist/dev/commons/commons-parent/56-RC1/source > > > > 2) Check Apache licenses > > > > This step is not required if the site includes a RAT report page which > > you then must check. > > > > mvn apache-rat:check > > > > 3) Check binary compatibility > > > > Older components still use Apache Clirr: > > > > This step is not required if the site includes a Clirr report page > > which you then must check. > > > > mvn clirr:check > > > > Newer components use JApiCmp with the japicmp Maven Profile: > > > > Th
Re: [VOTE] Release Apache Commons Parent 56 based on RC1
My +1 Gary On Fri, Dec 30, 2022 at 11:27 AM Gary Gregory wrote: > > We have added some enhancements since Apache Commons Parent 55 was > released, so I would like to release Apache Commons Parent 56. > > Apache Commons Parent 56 RC1 is available for review here: > https://dist.apache.org/repos/dist/dev/commons/commons-parent/56-RC1 > (svn revision 59034) > > The Git tag commons-parent-56-RC1 commit for this RC is > 5b9c51eb767743b4e8c6405813b7082926659b98 which you can browse here: > > https://gitbox.apache.org/repos/asf?p=commons-parent.git;a=commit;h=5b9c51eb767743b4e8c6405813b7082926659b98 > You may checkout this tag using: > git clone https://gitbox.apache.org/repos/asf/commons-parent.git > --branch commons-parent-56-RC1 commons-parent-56-RC1 > > Maven artifacts are here: > > https://repository.apache.org/content/repositories/orgapachecommons-1614/org/apache/commons/commons-parent/56/ > > These are the artifacts and their hashes: > > #Release SHA-512s > #Fri Dec 30 11:18:57 EST 2022 > commons-parent-56-bom.json=fb85672b30edcc1dfba3ff5b45d2ab8d98616e428733d30494eb15870b61166ab9915b2fe5c26f0093699e78389ca6808f8a47fb89b8059c9725b131a5b6c2fa > commons-parent-56-bom.xml=5ffe9849ba1b038bee2cdd0c440eb8872d2c1f7ca0f4262363544f61e57675f1e209c2f5eec06dc978e20b57853faaddaae16e58dbb9b111e3d78ac3c05d6770 > commons-parent-56-site.xml=c6aea4f2c03920366bee23b08b046dacc09710e92c78ccd83f47cd92f89bc53abc3b8bbc7f44017ee94a2cb022ce763fe3f7d8c9aa42d571350269ba6568ca07 > commons-parent-56-src.tar.gz=6c3831c0ca6cf22b610b0362093c4b1467571e2c1fc3c4398b7cdaa636375f289d4b52d62a2ef1a42e485b5241316b7599066c25464ac148db49c7a3339c6692 > commons-parent-56-src.zip=a6af3b55474c568a3b48fb7e75adfa11b105b2e23c8a5f522d717a6434403cb3981c9b5867ae06177c4e15fa9b82a3de5295b5f4e7faa66c90ea1a23056e7896 > org.apache.commons_commons-parent-56.spdx.json=032a54626a692686b574708ef33ac5c9f93a48e0a567abafcf73281142354acc7c129e03d10de2145288d84b6aa329896e1fcaa3ee34ac85d8c4e648d8ef09a1 > > I have tested this with 'mvn -V -Duser.name=$my_apache_id > -Ddoclint=none -Prelease -Ptest-deploy clean package site deploy' > using: > > Apache Maven 3.8.6 (84538c9988a25aec085021c365c560670ad80f63) > Maven home: /usr/local/Cellar/maven/3.8.6/libexec > Java version: 1.8.0_352, vendor: Homebrew, runtime: > /usr/local/Cellar/openjdk@8/1.8.0+352/libexec/openjdk.jdk/Contents/Home/jre > Default locale: en_US, platform encoding: UTF-8 > OS name: "mac os x", version: "13.1", arch: "x86_64", family: "mac" > > Darwin 22.2.0 Darwin Kernel Version 22.2.0: Fri Nov 11 02:08:47 > PST 2022; root:xnu-8792.61.2~4/RELEASE_X86_64 x86_64 > > Details of changes since 55 are in the release notes: > > https://dist.apache.org/repos/dist/dev/commons/commons-parent/56-RC1/RELEASE-NOTES.txt > > https://dist.apache.org/repos/dist/dev/commons/commons-parent/56-RC1/site/changes-report.html > > Site: > > https://dist.apache.org/repos/dist/dev/commons/commons-parent/56-RC1/site/index.html > (note some *relative* links are broken and the 56 directories are > not yet created - these will be OK once the site is deployed.) > > RAT Report: > > https://dist.apache.org/repos/dist/dev/commons/commons-parent/56-RC1/site/rat-report.html > > KEYS: > https://downloads.apache.org/commons/KEYS > > Please review the release candidate and vote. > This vote will close no sooner than 72 hours from now. > > [ ] +1 Release these artifacts > [ ] +0 OK, but... > [ ] -0 OK, but really should fix... > [ ] -1 I oppose this release because... > > Thank you, > > garydgregory, > Release Manager (using key DEADBEEF) > > For following is intended as a helper and refresher for reviewers. > > Validating a release candidate > == > > These guidelines are NOT complete. > > Requirements: Git, Java, Maven. > > You can validate a release from a release candidate (RC) tag as follows. > > 1a) Clone and checkout the RC tag > > git clone https://gitbox.apache.org/repos/asf/commons-parent.git > --branch commons-parent-56-RC1 commons-parent-56-RC1 > cd commons-parent-56-RC1 > > 1b) Download and unpack the source archive from: > > https://dist.apache.org/repos/dist/dev/commons/commons-parent/56-RC1/source > > 2) Check Apache licenses > > This step is not required if the site includes a RAT report page which > you then must check. > > mvn apache-rat:check > > 3) Check binary compatibility > > Older components still use Apache Clirr: > > This step is not required if the site includes a Clirr report page > which you then must check. > > mvn clirr:check > > Newer components use JApiCmp with the japicmp Maven Profile: > > This step is not required if the site includes a JApiCmp report page > which you then must check. > > mvn install -DskipTests -P japicmp japicmp:cmp > > 4) Build the package > > mvn -V clean package > > You can record the Maven and Java version produced by -V in your VOTE reply. > To gather OS information from a command line: > Windows: ver > Li
Re: Issue 54739 in oss-fuzz: apache-commons-io: Fuzzing build failure
It's just the way maven and downloads work in general. If you want a permanent link to a set version, you need to link to the archives: https://archive.apache.org/dist/maven/maven-3/ Gary On Mon, Jan 2, 2023, 07:25 Roman Wagner wrote: > Hi Gary, > > it seems to be related to the removal of maven binary version 3.8.6 on > https://dlcdn.apache.org/maven/maven-3/. We could solve this by updating > the maven download link in the oss-fuzz integration to version 3.8.7. Or > would you suggest any other maven version that would be longer available on > https://dlcdn.apache.org/maven/maven-3? > > Best regards > Roman > > On Mon, Jan 2, 2023 at 12:38 PM Gary Gregory > wrote: > > > What is this? Related to Maven 3.8.6 vs 3.8.7 which just came out? > > > > Gary > > > > On Mon, Jan 2, 2023, 06:09 ClusterFuzz-External via monorail < > > monorail+v2.382749...@chromium.org> wrote: > > > > > Status: New > > > Owner: > > > CC: fuzz-...@commons.apache.org, jacek...@code-intelligence.com, > yak...@ > > > code-intelligence.com, wag...@code-intelligence.com, bug-d...@ > > > code-intelligence.com, patri...@code-intelligence.com, scha...@ > > > code-intelligence.com, garyd...@gmail.com, > > glend...@code-intelligence.com, > > > secur...@commons.apache.org, h...@code-intelligence.com > > > Labels: Proj-apache-commons-io > > > Type: Build-Failure > > > > > > New issue 54739 by ClusterFuzz-External: apache-commons-io: Fuzzing > build > > > failure > > > https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54739 > > > > > > The last 3 builds for apache-commons-io have been failing. > > > Build log: > > > > > > https://oss-fuzz-build-logs.storage.googleapis.com/log-18394e97-9804-45e3-a5ad-588e03c54f70.txt > > > Build type: fuzzing > > > > > > To reproduce locally, please see: > > > > > > https://google.github.io/oss-fuzz/advanced-topics/reproducing#reproducing-build-failures > > > > > > This bug tracker is not being monitored by OSS-Fuzz team. If you have > any > > > questions, please create an issue at > > > https://github.com/google/oss-fuzz/issues/new. > > > > > > **This bug will be automatically closed within a day once it is > fixed.** > > > > > > -- > > > You received this message because: > > > 1. You were specifically CC'd on the issue > > > > > > You may adjust your notification preferences at: > > > https://bugs.chromium.org/hosting/settings > > > > > > Reply to this email to add a comment. > > > > > > > > -- > > Roman Wagner > Application Security Engineer > > Code Intelligence GmbH > Rheinwerkallee 6 > D-53227 Bonn, Germany > https://www.code-intelligence.com > > Managing Directors: Sergej Dechand, Dr. Khaled Yakdan > Registered office and court of registry: Bonn, Germany, HRB 23408 > > This e-mail may contain confidential and/or privileged information. If you > are not the intended recipient or have received this e-mail in error, > please notify the sender immediately and destroy this e-mail. Any > unauthorized copying, disclosure, or distribution of the material in this > e-mail is strictly forbidden. >
Re: Issue 54739 in oss-fuzz: apache-commons-io: Fuzzing build failure
Hi Gary, it seems to be related to the removal of maven binary version 3.8.6 on https://dlcdn.apache.org/maven/maven-3/. We could solve this by updating the maven download link in the oss-fuzz integration to version 3.8.7. Or would you suggest any other maven version that would be longer available on https://dlcdn.apache.org/maven/maven-3? Best regards Roman On Mon, Jan 2, 2023 at 12:38 PM Gary Gregory wrote: > What is this? Related to Maven 3.8.6 vs 3.8.7 which just came out? > > Gary > > On Mon, Jan 2, 2023, 06:09 ClusterFuzz-External via monorail < > monorail+v2.382749...@chromium.org> wrote: > > > Status: New > > Owner: > > CC: fuzz-...@commons.apache.org, jacek...@code-intelligence.com, yak...@ > > code-intelligence.com, wag...@code-intelligence.com, bug-d...@ > > code-intelligence.com, patri...@code-intelligence.com, scha...@ > > code-intelligence.com, garyd...@gmail.com, > glend...@code-intelligence.com, > > secur...@commons.apache.org, h...@code-intelligence.com > > Labels: Proj-apache-commons-io > > Type: Build-Failure > > > > New issue 54739 by ClusterFuzz-External: apache-commons-io: Fuzzing build > > failure > > https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54739 > > > > The last 3 builds for apache-commons-io have been failing. > > Build log: > > > https://oss-fuzz-build-logs.storage.googleapis.com/log-18394e97-9804-45e3-a5ad-588e03c54f70.txt > > Build type: fuzzing > > > > To reproduce locally, please see: > > > https://google.github.io/oss-fuzz/advanced-topics/reproducing#reproducing-build-failures > > > > This bug tracker is not being monitored by OSS-Fuzz team. If you have any > > questions, please create an issue at > > https://github.com/google/oss-fuzz/issues/new. > > > > **This bug will be automatically closed within a day once it is fixed.** > > > > -- > > You received this message because: > > 1. You were specifically CC'd on the issue > > > > You may adjust your notification preferences at: > > https://bugs.chromium.org/hosting/settings > > > > Reply to this email to add a comment. > > > -- Roman Wagner Application Security Engineer Code Intelligence GmbH Rheinwerkallee 6 D-53227 Bonn, Germany https://www.code-intelligence.com Managing Directors: Sergej Dechand, Dr. Khaled Yakdan Registered office and court of registry: Bonn, Germany, HRB 23408 This e-mail may contain confidential and/or privileged information. If you are not the intended recipient or have received this e-mail in error, please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure, or distribution of the material in this e-mail is strictly forbidden.
Re: Issue 54739 in oss-fuzz: apache-commons-io: Fuzzing build failure
What is this? Related to Maven 3.8.6 vs 3.8.7 which just came out? Gary On Mon, Jan 2, 2023, 06:09 ClusterFuzz-External via monorail < monorail+v2.382749...@chromium.org> wrote: > Status: New > Owner: > CC: fuzz-...@commons.apache.org, jacek...@code-intelligence.com, yak...@ > code-intelligence.com, wag...@code-intelligence.com, bug-d...@ > code-intelligence.com, patri...@code-intelligence.com, scha...@ > code-intelligence.com, garyd...@gmail.com, glend...@code-intelligence.com, > secur...@commons.apache.org, h...@code-intelligence.com > Labels: Proj-apache-commons-io > Type: Build-Failure > > New issue 54739 by ClusterFuzz-External: apache-commons-io: Fuzzing build > failure > https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54739 > > The last 3 builds for apache-commons-io have been failing. > Build log: > https://oss-fuzz-build-logs.storage.googleapis.com/log-18394e97-9804-45e3-a5ad-588e03c54f70.txt > Build type: fuzzing > > To reproduce locally, please see: > https://google.github.io/oss-fuzz/advanced-topics/reproducing#reproducing-build-failures > > This bug tracker is not being monitored by OSS-Fuzz team. If you have any > questions, please create an issue at > https://github.com/google/oss-fuzz/issues/new. > > **This bug will be automatically closed within a day once it is fixed.** > > -- > You received this message because: > 1. You were specifically CC'd on the issue > > You may adjust your notification preferences at: > https://bugs.chromium.org/hosting/settings > > Reply to this email to add a comment. >