Hi, On the 8.0.1 release topic there was an automated PR on conda-forge for the arrow-cpp-feedstocks around the 8.0.1 release [1]. Not entirely sure if we have to do something about it.
Regards, Raúl [1] https://github.com/conda-forge/arrow-cpp-feedstock/pull/805 On Thu, Jul 28, 2022 at 3:58 PM Matthew Topol <m...@voltrondata.com.invalid> wrote: > It would probably be a good idea to just make sure that any release > notes mention that for a Go user to upgrade their dependency they need > to run something like `go get -u github.com/apache/arrow/go/v6/@v6.0.2` > <http://github.com/apache/arrow/go/v6/@v6.0.2> > replacing v6/v6.0.2 with their desired version combination. This will > get them the patched version without upgrading their major version. > > We should also probably link to the JIRA issue that precipitated the > releases so people can easily see the vulnerability that is being > patched. > > --Matt > > On Thu, Jul 28 2022 at 02:29:59 PM +0900, Sutou Kouhei > <k...@clear-code.com> wrote: > > Hi, > > > > I didn't upload release notes and documentation for 6.0.2, > > 7.0.1 and 8.0.1 because they are irregular releases for us: > > > > * We don't recommend users expect Go users to use 6.0.2, > > 7.0.1 and 8.0.1. > > Reasons: > > * There are no differences with 6.0.1&6.0.2, 7.0.0&7.0.1, > > 8.0.0&8.0.1 except the Go part. > > * We don't distribute binary packages for 6.0.2, 7.0.1 and > > 8.0.1. > > * Generally, Go users don't use our source packages at > > <https://dist.apache.org/repos/dist/release/arrow/> . They > > use the source code in our GitHub repository with > > github.com/apache/arrow/go/v6/arrow, > > github.com/apache/arrow/go/v7/arrow or > > github.com/apache/arrow/go/v8/arrow. Note that they don't > > need to change the import line to use 6.0.2, 7.0.1 or > > 8.0.1 because v6/v7/v8 refers the latest go/6.Y.Z, > > go/7.Y.Z and go/8.Y.Z automatically. > > * ... > > * We can't use our usual release note format for 6.0.2, 7.0.1 > > and 8.0.1 because we don't distribute binary packages. Our > > usual release note format expects that we distribute > > binary packages. > > > > I don't opposite uploading release notes and documentation > > with careful notes about these releases. If someone wants to > > work on it, I can help him/her. > > > > > > Thanks, > > -- > > kou > > > > In > > <CAGNHocNVRjyxwYU_uPQp3e8CqDQbM-p875HJrSk0Nq7CWZ=g...@mail.gmail.com > > <mailto:CAGNHocNVRjyxwYU_uPQp3e8CqDQbM-p875HJrSk0Nq7CWZ= > g...@mail.gmail.com>> > > "Re: [RESULT][VOTE] Release Apache Arrow 8.0.1 - RC0" on Tue, 26 > > Jul 2022 16:25:47 -0600, > > Todd Farmer <t...@voltrondata.com.INVALID > > <mailto:t...@voltrondata.com.INVALID>> wrote: > > > >> Hello, > >> > >> Apologies for the late response to this thread. While not related > >> to the > >> vote, I do have a related question about administration of releases > >> such as > >> this. I notice: > >> > >> 1. There is no 8.0.1 release notes [1] - should this be added? It's > >> worth > >> noting that no release notes currently reference ARROW-16759. Given > >> this > >> issue was sufficiently critical to warrant an 8.0.1 release, I > >> suspect we > >> would want to ensure it appears in release notes somewhere. > >> 2. There is no 8.0.1 documentation [2] - should this be generated? I > >> suspect not, given there is no change in functionality (or docs > >> contents). > >> I will note that lack of documentation could cause (Go) user > >> confusion, if > >> they find they are using a version 8.0.1 and are presented with > >> documentation for 8.0.0. > >> > >> [1] <https://arrow.apache.org/release/> > >> [2] <https://arrow.apache.org/docs/index.html> (see version selector > >> drop-down) > >> > >> Thanks, > >> > >> Todd > >> > >> On Mon, Jul 18, 2022 at 7:04 PM Sutou Kouhei <k...@clear-code.com > >> <mailto:k...@clear-code.com>> wrote: > >> > >>> Hi, > >>> > >>> I've released 8.0.1: > >>> > >>> * I've published > >>> <https://dist.apache.org/repos/dist/release/arrow/arrow-8.0.1/> > >>> * I've pushed the > >>> <https://github.com/apache/arrow/releases/tag/go%2Fv8.0.1> > >>> tag > >>> * I've made the "8.0.1" version on JIRA "released": > >>> > >>> <https://issues.apache.org/jira/projects/ARROW/versions/12352081> > >>> * I've added 8.0.1 entry to Apache Committee Report by > >>> <https://reporter.apache.org/addrelease.html?arrow> > >>> > >>> Thanks, > >>> -- > >>> kou > >>> > >>> In <20220719.093100.685134697791841749....@clear-code.com > >>> <mailto:20220719.093100.685134697791841749....@clear-code.com>> > >>> "[RESULT][VOTE] Release Apache Arrow 8.0.1 - RC0" on Tue, 19 Jul > >>> 2022 > >>> 09:31:00 +0900 (JST), > >>> Sutou Kouhei <k...@clear-code.com <mailto:k...@clear-code.com>> > >>> wrote: > >>> > >>> > Hi, > >>> > > >>> > The vote carries with 4 +1 binding votes and 2 +1 > >>> > non-binding votes. > >>> > > >>> > I'll publish this as 8.0.1. > >>> > > >>> > Thanks, > >>> > -- > >>> > kou > >>> > > >>> > In <20220715.061057.1116573445635493266....@clear-code.com > >>> <mailto:20220715.061057.1116573445635493266....@clear-code.com>> > >>> > "[VOTE] Release Apache Arrow 8.0.1 - RC0" on Fri, 15 Jul 2022 > >>> 06:10:57 > >>> +0900 (JST), > >>> > Sutou Kouhei <k...@clear-code.com <mailto:k...@clear-code.com>> > >>> wrote: > >>> > > >>> >> Hi, > >>> >> > >>> >> I would like to propose the following release candidate > >>> >> (RC0) of Apache Arrow version 8.0.1. This is a release > >>> >> consisting of 1 resolved JIRA issues[1]. > >>> >> > >>> >> This is one of releases[2] that focus on a Go related > >>> >> security vulnerability[3]. We don't publish binary artifacts > >>> >> of this release because we don't have Go related binaries. > >>> >> > >>> >> This release candidate is based on commit: > >>> >> 9966c39583f1e203bac9200753e9db32478d43a6 [4] > >>> >> > >>> >> The source release rc0 is hosted at [5]. > >>> >> The changelog is located at [6]. > >>> >> > >>> >> Please download, verify checksums and signatures, run the > >>> >> unit tests, and vote on the release. See [7] for how to > >>> >> validate a release candidate. But you need to verify only Go > >>> >> related tests because this release candidate only includes a > >>> >> change for Go. So we can use the following command line: > >>> >> > >>> >> TEST_DEFAULT=0 TEST_GO=1 > >>> dev/release/verify-release-candidate.sh > >>> 8.0.1 0 > >>> >> > >>> >> The vote will be open for at least 72 hours. > >>> >> > >>> >> [ ] +1 Release this as Apache Arrow 8.0.1 > >>> >> [ ] +0 > >>> >> [ ] -1 Do not release this as Apache Arrow 8.0.1 because... > >>> >> > >>> >> [1]: > >>> > >>> < > https://issues.apache.org/jira/issues/?jql=project%20%3D%20ARROW%20AND%20status%20in%20%28Resolved%2C%20Closed%29%20AND%20fixVersion%20%3D%208.0.1 > > > >>> >> [2] > >>> <https://lists.apache.org/thread/qkkzpvmxc0coqhdkc1qoygwy6h4v5sgn> > >>> >> [3] > >>> <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28948> > >>> >> [4]: > >>> > >>> < > https://github.com/apache/arrow/tree/9966c39583f1e203bac9200753e9db32478d43a6 > > > >>> >> [5]: > >>> > >>> <https://dist.apache.org/repos/dist/dev/arrow/apache-arrow-8.0.1-rc0> > >>> >> [6]: > >>> > >>> < > https://github.com/apache/arrow/blob/9966c39583f1e203bac9200753e9db32478d43a6/CHANGELOG.md > > > >>> >> [7]: > >>> > >>> < > https://cwiki.apache.org/confluence/display/ARROW/How+to+Verify+Release+Candidates > > > >>> > >
