[RESULT] [VOTE] Release Apache Druid 0.18.1 [RC2]
Thanks to everyone who participated in the vote!
The vote has passed as we got 3 binding +1s:

Surekha Saharan: +1 (binding)
Jonathan Wei: +1 (binding)
Furkan KAMACI: +1 (binding)
Re: [VOTE] Release Apache Druid 0.18.1 [RC2]
Thanks all for voting! I'm going to close this vote.

On Tue, May 12, 2020 at 1:08 PM Furkan KAMACI wrote:

> Hi,
>
> +1 (binding).
>
> I checked:
>
> - LICENSE is fine
> - NOTICE year should be updated (which is changed at master. However I've
>   created another PR for it)
> - No unexpected binary files
> - Checked PGP signatures
> - Checked Checksums
> - Code compiles
> - Tests successfully run
> - Ran native batch/kafka quickstart
> - Apache rat checks are OK
>
> Kind Regards,
> Furkan KAMACI
>
> On Tue, May 12, 2020 at 10:37 PM Jonathan Wei wrote:
>
> > +1 (binding)
> >
> > src:
> > - Checked signature/hash
> > - Checked LICENSE/NOTICE
> > - Ran rat and unit tests
> > - Built distribution and ran native batch/kafka quickstart
> >
> > bin:
> > - Checked signature/hash
> > - Checked LICENSE/NOTICE
> > - ran native batch/kafka quickstart
> >
> > --
> >
> > A note about building the source distribution:
> >
> > The following error occurs if you use the "apache-release" profile:
> >
> > [ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.3.2:check
> > (default) on project druid-cloudfiles-extensions:
> > [ERROR]
> > [ERROR] One or more dependencies were identified with vulnerabilities that
> > have a CVSS score greater than or equal to '7.0':
> > [ERROR]
> > [ERROR] openstack-keystone-1.9.1.jar: CVE-2020-12689, CVE-2020-12691,
> > CVE-2020-12690
> >
> > It's in an extensions-contrib extension which isn't included in the built
> > distribution, so I don't think we need to fix that for this release.
> >
> > The tarball can be built successfully by using -Pdist instead of
> > -Papache-release,dist
> >
> > On Mon, May 11, 2020 at 9:21 AM Surekha Saharan <surekha.saha...@imply.io>
> > wrote:
> >
> > > +1 (binding)
> > >
> > > src package:
> > > - downloaded, verified signature and hash
> > > - compiled source and ran unit tests
> > > - ran RAT check
> > > - checked LICENSE/ NOTICE
> > >
> > > bin package:
> > > - downloaded, verified signature and hash
> > > - ran quickstart batch and kafka ingestion tutorial and simple queries
> > > - checked LICENSE/NOTICE
> > >
> > > On Tue, May 5, 2020 at 9:50 PM Jihoon Son wrote:
> > >
> > > > Hi all,
> > > >
> > > > I have created a build for Apache Druid 0.18.1, release candidate 2.
> > > >
> > > > Thanks to everyone who has helped contribute to the release! You can read
> > > > the proposed release notes here:
> > > > https://github.com/apache/druid/issues/9798
> > > >
> > > > The release candidate has been tagged in GitHub as
> > > > druid-0.18.1-rc2 (8436ce4252b4ef5ab20acc532390c225930f299e),
> > > > available here:
> > > > https://github.com/apache/druid/releases/tag/druid-0.18.1-rc2
> > > >
> > > > The artifacts to be voted on are located here:
> > > > https://dist.apache.org/repos/dist/dev/druid/0.18.1-rc2/
> > > >
> > > > Staged druid.apache.org website documentation is available here:
> > > > https://druid.staged.apache.org/docs/0.18.1/design/index.html
> > > >
> > > > A Docker image containing the binary of the release candidate can be
> > > > retrieved via:
> > > > docker pull apache/druid:0.18.1-rc2
> > > >
> > > > artifact checksums
> > > > src:
> > > > 8043265d6fb6d691b1bd1c63675f3cf76c5973a535ec5846826886cfbfc97e753dee07c1f5354aa109a07a730d9c0ff896291e7e9bbde40bdf6ed6221cd2c715
> > > > bin:
> > > > ab7e4d193539e9daa8f5a45596bf598f37832beade6be7d17a04c9f1d88339e99ca19c616307138dd27e191399a822659641c10444a14bbbab122cebd36dd0f4
> > > > docker: ccdf14da4e10ed9ee92b1ce4923b812fa72d0cca3fab2f5ee83c08e7cd4812df
> > > >
> > > > Release artifacts are signed with the following key:
> > > > https://people.apache.org/keys/committer/jihoonson.asc
> > > >
> > > > This key and the key of other committers can also be found in the project's
> > > > KEYS file here:
> > > > https://dist.apache.org/repos/dist/release/druid/KEYS
> > > >
> > > > (If you are a committer, please feel free to add your own key to that file
> > > > by following the instructions in the file's header.)
> > > >
> > > > Verify checksums:
> > > > diff <(shasum -a512 apache-druid-0.18.1-src.tar.gz | \
> > > >        cut -d ' ' -f1) \
> > > >      <(cat apache-druid-0.18.1-src.tar.gz.sha512 ; echo)
> > > >
> > > > diff <(shasum -a512 apache-druid-0.18.1-bin.tar.gz | \
> > > >        cut -d ' ' -f1) \
> > > >      <(cat apache-druid-0.18.1-bin.tar.gz.sha512 ; echo)
> > > >
> > > > Verify signatures:
> > > > gpg --verify apache-druid-0.18.1-src.tar.gz.asc \
> > > >     apache-druid-0.18.1-src.tar.gz
> > > >
> > > > gpg --verify apache-druid-0.18.1-bin.tar.gz.asc \
> > > >     apache-druid-0.18.1-bin.tar.gz
> > > >
> > > > Please review the proposed artifacts and vote. Note that Apache has
> > > > specific requirements that must be met before +1 binding votes can be cast
> > > > by PMC members. Please refer to the policy at
> > > > http://www.apache.org/legal/release-policy.html#policy for more details.
> > > >
> > > > As part of
Re: [VOTE] Release Apache Druid 0.18.1 [RC2]
Hi,

+1 (binding).

I checked:

- LICENSE is fine
- NOTICE year should be updated (which is changed at master. However I've
  created another PR for it)
- No unexpected binary files
- Checked PGP signatures
- Checked Checksums
- Code compiles
- Tests successfully run
- Ran native batch/kafka quickstart
- Apache rat checks are OK

Kind Regards,
Furkan KAMACI
Re: [VOTE] Release Apache Druid 0.18.1 [RC2]
+1 (binding)

src:
- Checked signature/hash
- Checked LICENSE/NOTICE
- Ran rat and unit tests
- Built distribution and ran native batch/kafka quickstart

bin:
- Checked signature/hash
- Checked LICENSE/NOTICE
- ran native batch/kafka quickstart

--

A note about building the source distribution:

The following error occurs if you use the "apache-release" profile:

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.3.2:check
(default) on project druid-cloudfiles-extensions:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that
have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] openstack-keystone-1.9.1.jar: CVE-2020-12689, CVE-2020-12691,
CVE-2020-12690

It's in an extensions-contrib extension which isn't included in the built
distribution, so I don't think we need to fix that for this release.

The tarball can be built successfully by using -Pdist instead of
-Papache-release,dist
Re: [VOTE] Release Apache Druid 0.18.1 [RC2]
+1 (binding)

src package:
- downloaded, verified signature and hash
- compiled source and ran unit tests
- ran RAT check
- checked LICENSE/ NOTICE

bin package:
- downloaded, verified signature and hash
- ran quickstart batch and kafka ingestion tutorial and simple queries
- checked LICENSE/NOTICE
[VOTE] Release Apache Druid 0.18.1 [RC2]
Hi all,

I have created a build for Apache Druid 0.18.1, release candidate 2.

Thanks to everyone who has helped contribute to the release! You can read
the proposed release notes here:
https://github.com/apache/druid/issues/9798

The release candidate has been tagged in GitHub as
druid-0.18.1-rc2 (8436ce4252b4ef5ab20acc532390c225930f299e),
available here:
https://github.com/apache/druid/releases/tag/druid-0.18.1-rc2

The artifacts to be voted on are located here:
https://dist.apache.org/repos/dist/dev/druid/0.18.1-rc2/

Staged druid.apache.org website documentation is available here:
https://druid.staged.apache.org/docs/0.18.1/design/index.html

A Docker image containing the binary of the release candidate can be
retrieved via:
docker pull apache/druid:0.18.1-rc2

artifact checksums
src:
8043265d6fb6d691b1bd1c63675f3cf76c5973a535ec5846826886cfbfc97e753dee07c1f5354aa109a07a730d9c0ff896291e7e9bbde40bdf6ed6221cd2c715
bin:
ab7e4d193539e9daa8f5a45596bf598f37832beade6be7d17a04c9f1d88339e99ca19c616307138dd27e191399a822659641c10444a14bbbab122cebd36dd0f4
docker: ccdf14da4e10ed9ee92b1ce4923b812fa72d0cca3fab2f5ee83c08e7cd4812df

Release artifacts are signed with the following key:
https://people.apache.org/keys/committer/jihoonson.asc

This key and the key of other committers can also be found in the project's
KEYS file here:
https://dist.apache.org/repos/dist/release/druid/KEYS

(If you are a committer, please feel free to add your own key to that file
by following the instructions in the file's header.)

Verify checksums:
diff <(shasum -a512 apache-druid-0.18.1-src.tar.gz | \
       cut -d ' ' -f1) \
     <(cat apache-druid-0.18.1-src.tar.gz.sha512 ; echo)

diff <(shasum -a512 apache-druid-0.18.1-bin.tar.gz | \
       cut -d ' ' -f1) \
     <(cat apache-druid-0.18.1-bin.tar.gz.sha512 ; echo)

Verify signatures:
gpg --verify apache-druid-0.18.1-src.tar.gz.asc \
    apache-druid-0.18.1-src.tar.gz

gpg --verify apache-druid-0.18.1-bin.tar.gz.asc \
    apache-druid-0.18.1-bin.tar.gz

Please review the proposed artifacts and vote. Note that Apache has
specific requirements that must be met before +1 binding votes can be cast
by PMC members. Please refer to the policy at
http://www.apache.org/legal/release-policy.html#policy for more details.

As part of the validation process, the release artifacts can be generated
from source by running:
mvn clean install -Papache-release,dist -Dgpg.skip

The RAT license check can be run from source by:
mvn apache-rat:check -Prat

This vote will be open for at least 72 hours. The vote will pass if a
majority of at least three +1 PMC votes are cast.

[ ] +1 Release this package as Apache Druid 0.18.1
[ ] 0 I don't feel strongly about it, but I'm okay with the release
[ ] -1 Do not release this package because...

Thanks!
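
The checksum and signature steps from the vote e-mail, written as fail-closed shell functions. This is an added example, not part of the original thread or of the Druid project's tooling, and it goes beyond the thread's commands by verifying against a throwaway keyring built only from the KEYS file and by pinning the signer. The function names and the expected fingerprint argument (obtained out of band by the verifier) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): fail-closed release-candidate checks.

# Print the SHA-512 of a file as lowercase hex with whichever tool exists.
sha512_of() {
  if command -v sha512sum >/dev/null 2>&1; then
    sha512sum "$1" | cut -d ' ' -f1
  else
    shasum -a 512 "$1" | cut -d ' ' -f1
  fi
}

# Check FILE against FILE.sha512. Accepts a bare digest (with or without a
# trailing newline) or the "digest  filename" layout. Returns 0 on match,
# 1 on mismatch, 2 when the inputs are missing or malformed.
verify_sha512() {
  file=$1
  [ -f "$file" ] && [ -f "$file.sha512" ] || return 2
  expected=$(tr -d '\r' < "$file.sha512" | awk 'NR == 1 { print tolower($1) }')
  # An empty or truncated checksum file must never compare equal.
  case $expected in
    *[!0-9a-f]*) return 2 ;;
  esac
  [ "${#expected}" -eq 128 ] || return 2
  actual=$(sha512_of "$file") || return 2
  [ "$actual" = "$expected" ]
}

# Read `gpg --status-fd` output on stdin. Print the primary-key fingerprint
# from VALIDSIG only when GOODSIG is also present (gpg reports EXPKEYSIG or
# REVKEYSIG instead of GOODSIG for expired or revoked keys).
good_signer_fpr() {
  awk '$1 == "[GNUPG:]" && $2 == "GOODSIG"  { good = 1 }
       $1 == "[GNUPG:]" && $2 == "VALIDSIG" { fpr = $NF }
       END { if (good && fpr != "") { print fpr; exit 0 } exit 1 }'
}

# Verify FILE.asc over FILE using only the keys in KEYS_FILE (imported into a
# throwaway keyring) and require the signer to be EXPECTED_FPR, a 40-hex-digit
# fingerprint the verifier obtained out of band (assumption of this example).
verify_signature() {
  file=$1 keys_file=$2
  expected_fpr=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
  home=$(mktemp -d) || return 2
  if gpg --homedir "$home" --batch --quiet --import "$keys_file" 2>/dev/null &&
     signer=$(gpg --homedir "$home" --batch --status-fd 1 \
                --verify "$file.asc" "$file" 2>/dev/null | good_signer_fpr)
  then rc=0; else rc=1; fi
  rm -rf "$home"
  [ "$rc" -eq 0 ] && [ "$signer" = "$expected_fpr" ]
}

# Usage (the fingerprint is a placeholder the verifier must supply):
#   verify_sha512 apache-druid-0.18.1-src.tar.gz &&
#   verify_signature apache-druid-0.18.1-src.tar.gz KEYS "<release manager fingerprint>"
```

Unlike a bare `diff`, `verify_sha512` treats an empty or malformed `.sha512` file as an error rather than as a comparison that happens to differ, so a failed download is distinguishable from a tampered artifact.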