Hello everyone,
I would like to call a vote for releasing Apache YuniKorn 1.5.0 RC1.
The release artefacts have been uploaded here:
https://dist.apache.org/repos/dist/dev/yunikorn/1.5.0-RC1
My public key is located in the KEYS file:
https://downloads.apache.org//yunikorn/KEYS
JIRA issues th
+1 to RC1
- all tests pass on my local
- succeed to build all docker images
- run spark jobs with gang
- deploy pods with fifo
On 2024/03/02 16:38:44 TingYao wrote:
> Hello everyone,
>
> I would like to call a vote for releasing Apache YuniKorn 1.5.0 RC1.
>
> The release artefacts have been upl
I’m trying to validate the binaries produced using the new reproducible builds
feature, but I’m getting different checksums than what the README indicates I
should. Was the release tarball created from a fresh checkout of the release
repository with no uncommitted changes?
README.md shows these
The binaries generated for me are really different. I copied out the
files generated during the building of the release and compared them
with files I generated based on the release. The sha-512 sums that are
part of the README in my release are again different from any that
have been shown here or
+1
- Verified signatures and checksums (The provided one in this mail
chain.)
- Built on Ubuntu 23.04(amd64) with go1.21.6 linux/amd64
- Checked Web UI, the new node utilization chart/presentation of
resource units looks good.
- E2E tests passed
- Run simple preemption test i
-1 (binding).
All,
We have a few issues in rc1 that I believe we should address before shipping
1.5.0:
CVEs:
- CVE-2024-24783 (requires rebuild with go 1.21.8)
- CVE-2023-45290 (requires rebuild with go 1.21.8)
- CVE-2023-45289 (requires rebuild with go 1.21.8)
- CVE-2024-24786 (requires updat
All of the below-mentioned issues have been resolved in branch-1.5.0 in
preparation for a possible 1.5.0-rc2. Assuming we move forward with rc2, we
should build with go 1.21.8 to ensure the latest fixes in the go standard
library are included as well.
Craig
> On Mar 5, 2024, at 3:12 PM, Craig
Yes I think we need to spin a new RC: -1 for RC1
Go 1.21.8 delivers a total of 5 CVE fixes, with another CVE in the
protobuf code.
We should fix the two memory leaks discovered. Both are simple and
non-invasive fixes.
We should remove the reproducible build details from the README until
we figure
Thank you all for your responses and assistance in resolving the issue.
Based on the discussion outcome, I will build RC2 with go 1.21.8 as soon as
possible and initiate the voting process.
Tingyao
Wilfred Spiegelenburg 於 2024年3月6日 週三 上午8:18寫道:
> Yes I think we need to spin a new RC: -1 for RC1
