On Sun, 7 Apr 2019 at 11:25, Rob Tompkins <chtom...@gmail.com> wrote: > > > > > On Apr 7, 2019, at 5:52 AM, sebb <seb...@gmail.com> wrote: > > > >> On Sat, 6 Apr 2019 at 17:59, Gary Gregory <garydgreg...@gmail.com> wrote: > >> > >>> On Sat, Apr 6, 2019 at 12:48 PM Rob Tompkins <chtom...@gmail.com> wrote: > >>> > >>> > >>> > >>>> On Apr 6, 2019, at 12:24 PM, Gary Gregory <garydgreg...@gmail.com> wrote: > >>>> > >>>> Hi Sebb, > >>>> > >>>> Thank you for your review. Some comments below. > >>>> > >>>>>> On Sat, Apr 6, 2019 at 5:00 AM sebb <seb...@gmail.com> wrote: > >>>>>> > >>>>>> On Sat, 6 Apr 2019 at 03:15, Gary Gregory <ggreg...@apache.org> wrote: > >>>>>> > >>>>>> We have fixed a few bugs since Apache Commons Pool 2.6.1 was released, > >>>>> so I > >>>>>> would like to release Apache Commons Pool 2.6.2. > >>>>>> > >>>>>> Apache Commons Pool 2.6.2 RC1 is available for review here: > >>>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1 (svn > >>>>>> revision 33480) > >>>>>> > >>>>>> The Git tag commons-pool-2.6.2-RC1 commit for this RC is > >>>>>> 06de412e2ce72007a6e43112164c371de4a66d3b which you can browse here: > >>>>>> > >>>>>> > >>>>> https://gitbox.apache.org/repos/asf?p=commons-pool.git;a=commit;h=06de412e2ce72007a6e43112164c371de4a66d3b > >>>>>> You may checkout this tag using: > >>>>>> git clone https://gitbox.apache.org/repos/asf/commons-pool.git -b > >>>>>> commons-pool-2.6.2-RC1 commons-pool-2.6.2-RC1 > >>>>>> > >>>>>> Maven artifacts are here: > >>>>>> > >>>>>> > >>>>> https://repository.apache.org/content/repositories/orgapachecommons-1432/org/apache/commons/commons-pool2/2.6.2/ > >>>>>> > >>>>>> These are the Maven artifacts and their hashes in Nexus: > >>>>>> > >>>>>> #Release SHA-512s > >>>>>> #Fri Apr 05 21:23:42 EDT 2019 > >>>>>> > >>>>> commons-pool2-2.6.2-test-sources-java-source=7494677ccb265bca20fa61fd143f8a5f2e518653926c9a8ca5b33a6b379f9c9c5c262613839ff722200c7053356cbf6fb3a436823c4d6bf504dce4782a206373 > >>>>> > >>>>> What is commons-pool2-2.6.2-test-sources-java-source ? > >>>>> > >>>> > >>>> Looks like a SNAFU in our release plugin; sorted, the entries should be: > >>> > >>> That’s on me :-) > >>> > >>> I used dashes in there for consistency in property naming, but in > >>> hindsight it’s more confusing. I’m planning on switching it to the file > >>> name verbatim. > >>> > >>> Do we want to include the sha1’s of the nexus “convenience” artifacts? We > >>> can do this, but have hesitated to in the past. > >> > >> > >> On our page http://commons.apache.org/releases/prepare.html I read: "Also > >> the revisions for the various tags, and hashes for the release artifacts", > >> which I interpret as having the vote email contain the hashes of any files > >> we release on Nexus and Dist folders. > >> > >> @Sebastian Bazley WDYT? > > > > The intention of the hash is to tie the published artifacts back to the > > VOTE. > > > > So I thjnk we need hashes of all the artifacts that are listed in the VOTE. > > This includes the convenience artifacts as they should be checked too. > > e.g. they can be checked for valid N&L files and spurious content > > > > Cool. Do we want the hashes to be those that nexus stores, namely the sha1’s, > or do we think they need to be the more secure sha512?
I think they need to agree with the ones in the dist.a.o repo, because those are the primary release artifacts. SHA1 is no longer used there. [I suspect that SHA1 will be dropped from Nexus at some point anyway] > -Rob > > > >> Gary > >> > >>> > >>> -Rob > >>> > >>>> > >>>> commons-pool2-2.6.2-bin-tar.gz > >>>> SHA512 > >>>> 8bf3b5bdd81c88761421e45ae8904e9718f152d09124880cf0acdcf08e7e64ab9a16eed23977f871bc8365801e3a7d4b1af254dd83fcdadca43520f7399b140e > >>>> > >>>> commons-pool2-2.6.2-bin.zip > >>>> SHA512 > >>>> f80ef3718b319f4c2d0605466a49947598d74f1c50d0c3e53d7603f022f3d78d56b3b1291cf0f6382d20642dd4782d87b55c6f56b49475281e21179dbfae4fcd > >>>> > >>>> commons-pool2-2.6.2-src-tar.gz > >>>> SHA512 > >>>> a02f34c5e38bbcf2f1960cc1b89f468e6c4229b7d5f48b60044dd7a670d2a00eaab08fa8eca7b135b2696fe7a09824fcafe7ab3c4513716d1a4003f0bb3c0336 > >>>> > >>>> commons-pool2-2.6.2-src.zip > >>>> SHA512 > >>>> 86a8e77b6d50ab57c2e9374a6f1d1e3d66946e541f90eacc822126026901ba4f172ddb0549f101c62757cb0389e23751063bb0e97128699aa9d8a7b8c5ebbd7a > >>>> > >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-javadoc.jar > >>>> (SHA1: 16cea19174aa457aa254572b9a439926adc4f02a) > >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-test-sources.jar > >>>> (SHA1: df34b03e3af2183cce59faa892b2fbd6adacfea1) > >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-test-sources.jar.asc > >>>> (SHA1: 11e34225a509129a726781fb8f179d1c08f4f43f) > >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.jar.asc > >>>> (SHA1: a80bf487ec6a5a5a40b8e0437ea3e27557a8002d) > >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-tests.jar > >>>> (SHA1: 5b9c9a358fe3d168e53640c324efe1e98acc5c2d) > >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.pom.asc > >>>> (SHA1: 2e6509d0e77e52dd4cd466a4adf0b046525995ce) > >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.jar > >>>> (SHA1: 775a8072995b29eafe8fb0a828a190589f71cede) > >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-javadoc.jar.asc > >>>> (SHA1: 82702906bd6c04e56f79fe78570ef090dd2c7680) > >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-sources.jar > >>>> (SHA1: 730e1f4e0af8513090412fbbfb8075e625770fc0) > >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-tests.jar.asc > >>>> (SHA1: 4fe9ab98ebc9ccc8362319260145b2450f6e94ef) > >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2.pom > >>>> (SHA1: 597c26594bbf7c24f41603c507fbfdae92cb567e) > >>>> /org/apache/commons/commons-pool2/2.6.2/commons-pool2-2.6.2-sources.jar.asc > >>>> (SHA1: b691db5b596325e2cb2fca6c71a6d1b8b4bb71c6) > >>>> > >>>> > >>>>>> > >>>>> commons-pool2-2.6.2-src-zip=86a8e77b6d50ab57c2e9374a6f1d1e3d66946e541f90eacc822126026901ba4f172ddb0549f101c62757cb0389e23751063bb0e97128699aa9d8a7b8c5ebbd7a > >>>>>> > >>>>> commons-pool2-2.6.2-sources-java-source=7984cabeda669cb84d54dc65cfe8992ee73bc87b9cb32853482649fe3bb09062f48ee3fe739ec141dad17c071853d6a8ef2ad4a738ceb532b71d49722fa914d0 > >>>>> > >>>>> Ditto commons-pool2-2.6.2-sources-java-source ? > >>>>> > >>>>>> > >>>>> commons-pool2-2.6.2-pom.asc=0c2aa02dbac198db0b13d928130c258f1cf9f1e6432a2aedb3639401fb15b332245378cf439b735da61b024d2032ca889133586062cd01c548adcae5c57c82fa > >>>>>> > >>>>> commons-pool2-2.6.2-tests-jar.asc=c4eab9e7200a9ef6577af29889982d60febf0534e7cddb57950049044ffaece22aacd1ced22aed0fc8c8a5236e5423afdfe445c0da517b9f5d6c33a4cc71e321 > >>>>>> > >>>>> commons-pool2-2.6.2-bin-zip.asc=66c004f5805eecf897bdf007d746489e1eaf74d484d6136b72bcac0a5654f45be351b83fe6015880c1581a8b143f913b29aff07462c28371e5e6483bf28e1687 > >>>>>> > >>>>> commons-pool2-2.6.2-src-tar.gz=a02f34c5e38bbcf2f1960cc1b89f468e6c4229b7d5f48b60044dd7a670d2a00eaab08fa8eca7b135b2696fe7a09824fcafe7ab3c4513716d1a4003f0bb3c0336 > >>>>>> > >>>>> commons-pool2-2.6.2-javadoc-jar.asc=97ab6e2ecf47ec356f8514d51325652468469e99d819769014dbbd1fe77830d27c4efbb4389116052369af5ccc18167a98a1dedda0243a2cf98942e98c05ba45 > >>>>>> > >>>>> commons-pool2-2.6.2-test-sources-jar.asc=141122c4aebb25f72d91f208d9b6912c0ecc1b1dedc41972ee281bc6b54c6222ff4993d5c8ad6ab939e5154109f226f67206bb34bed913c6ee00a76c9ba21260 > >>>>>> > >>>>> commons-pool2-2.6.2-bin-tar.gz.asc=67a787a210e787a1f74d0fa4af9c3708ed236c70aa4329e202d6bec0837b23a7779a72a358d02b7ee99d2a6d2eaaf8b01c0d7b2e404e742e9e8aca54bd0377fe > >>>>>> > >>>>> commons-pool2-2.6.2-sources-jar.asc=ec62de6a0c294687abffe56a5faea5725e704b792593e7ea3a12b7837cccf476f69c70fe7d8f19ef67a7f1a6bb5f28cbbc239e37cd396caf530bcca7acf6057a > >>>>>> > >>>>> commons-pool2-2.6.2-bin-tar.gz=8bf3b5bdd81c88761421e45ae8904e9718f152d09124880cf0acdcf08e7e64ab9a16eed23977f871bc8365801e3a7d4b1af254dd83fcdadca43520f7399b140e > >>>>>> > >>>>> commons-pool2-2.6.2-javadoc-javadoc=31504dce4d3e7ef638dcdec1bcbef15467837cf80c21c3fc9a89abcaf2e04de6b2a33165ea3ac809ba3fa27410d7dc6dbe7bb1773b73f9045c73a8081a1f9e17 > >>>>> > >>>>> And javadoc-javadoc? > >>>>> > >>>>>> > >>>>> commons-pool2-2.6.2-src-tar.gz.asc=61ae67fb0c9aa6e6760dfbe73c554642acace81a5f1cfa84cd5cdeab1ceb8fe122899514db185ef91920881a5ca9124e93c423f632bc02dd186705719a502eeb > >>>>>> > >>>>> commons-pool2-2.6.2-src-zip.asc=523227eca9aac3fbb2dc118e1a7cc62f79541bc29362c4d3c0923e4f19f4dcb1e2562422e849f90243d840b32ff9ce9787df0491753c7f6b3d0667d95d53e666 > >>>>>> > >>>>> commons-pool2-2.6.2-tests-test-jar=c8f9df3a4b8c9eb291a173846cacbdf7d29aa0ba34936889ae825873d82cdfb25ed5e66f728260d1b64bee4d19e7256e3b0052eb099909a0baaa65027960ce81 > >>>>>> > >>>>> commons-pool2-2.6.2-jar.asc=fe3b932a97ca44c4c2c7a41b015b184d9e8d21ba2197f1157ba71f60808b735ada20b6c1cfacc4f6fbc59ea5c0f0cbbe957c6ab2c16892f18b6f911497e795d8 > >>>>>> > >>>>> commons-pool2-2.6.2-bin-zip=f80ef3718b319f4c2d0605466a49947598d74f1c50d0c3e53d7603f022f3d78d56b3b1291cf0f6382d20642dd4782d87b55c6f56b49475281e21179dbfae4fcd > >>>>> > >>>>> The above are really difficult to read, it would be easier if the name > >>>>> and hash were on subsequent lines > >>>>> > >>>> > >>>> Yeah, that's just the contents of a property file generated by our > >>>> release > >>>> plugin, so we do not format it. We could... > >>>> > >>>> > >>>>>> (no need for .asc hashes!) > >>>>> > >>>>> So why include them? > >>>>> > >>>> > >>>> Mistake in the release plugin... Rob and I will look into it... > >>>> > >>>> Gary > >>>> > >>>>> > >>>>>> I have tested this with 'clean package site' using: > >>>>>> > >>>>>> Apache Maven 3.6.0 (97c98ec64a1fdfee7767ce5ffb20918da4f719f3; > >>>>>> 2018-10-24T14:41:47-04:00) > >>>>>> Maven home: C:\Java\apache-maven-3.6.0\bin\.. > >>>>>> Java version: 1.8.0_202, vendor: Oracle Corporation, runtime: > >>>>>> C:\Program > >>>>>> Files\Java\jdk1.8.0_202\jre > >>>>>> Default locale: en_US, platform encoding: Cp1252 > >>>>>> OS name: "windows 10", version: "10.0", arch: "amd64", family: > >>>>>> "windows" > >>>>>> Microsoft Windows [Version 10.0.16299.967] > >>>>>> > >>>>>> Details of changes since 2.6.1 are in the release notes: > >>>>>> > >>>>>> > >>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/RELEASE-NOTES.txt > >>>>>> > >>>>>> > >>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/changes-report.html > >>>>>> > >>>>>> Site: > >>>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site > >>>>>> (note some *relative* links are broken and the 2.6.2 directories are > >>>>>> not yet created - these will be OK once the site is deployed.) > >>>>>> > >>>>>> CLIRR Report (compared to 2.6.1): > >>>>>> > >>>>>> > >>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/clirr-report.html > >>>>>> > >>>>>> JApiCmp Report (compared to 2.6.1): > >>>>>> > >>>>>> > >>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/japicmp.html > >>>>>> > >>>>>> RAT Report: > >>>>>> > >>>>>> > >>>>> https://dist.apache.org/repos/dist/dev/commons/pool/2.6.2-RC1/site/rat-report.html > >>>>>> > >>>>>> KEYS: > >>>>>> https://www.apache.org/dist/commons/KEYS > >>>>>> > >>>>>> Please review the release candidate and vote. > >>>>>> This vote will close no sooner that 72 hours from now. > >>>>>> > >>>>>> [ ] +1 Release these artifacts > >>>>>> [ ] +0 OK, but... > >>>>>> [ ] -0 OK, but really should fix... > >>>>>> [ ] -1 I oppose this release because... > >>>>>> > >>>>>> Thank you, > >>>>>> > >>>>>> Gary Gregory, > >>>>>> Release Manager (using key 86fdc7e2a11262cb) > >>>>>> > >>>>>> For following is intended as a helper and refresher for reviewers. > >>>>>> > >>>>>> Validating a release candidate > >>>>>> ============================== > >>>>>> > >>>>>> These guidelines are NOT complete. > >>>>>> > >>>>>> Requirements: Git, Java, Maven. > >>>>>> > >>>>>> You can validate a release from a release candidate (RC) tag as > >>>>>> follows. > >>>>>> > >>>>>> 1) Clone and checkout the RC: > >>>>>> > >>>>>> git clone https://gitbox.apache.org/repos/asf/commons-pool.git -b > >>>>>> commons-pool-2.6.2-RC1 commons-pool-2.6.2-RC1 > >>>>>> cd commons-pool-2.6.2-RC1 > >>>>>> > >>>>>> 2) Check Apache licenses: > >>>>>> > >>>>>> mvn apache-rat:check > >>>>>> > >>>>>> 3) Build the package: > >>>>>> > >>>>>> mvn -V clean package > >>>>>> > >>>>>> You can record the Maven and Java version produced by -V in your VOTE > >>>>> reply. > >>>>>> > >>>>>> 4) Build the site for a single module project: > >>>>>> > >>>>>> mvn site > >>>>>> Check the site reports in: > >>>>>> target\site\index.html > >>>>> > >>>>> [Windows only path] > >>>>> > >>>> > >>>> I added a Linux version in git master. > >>>> > >>>> > >>>>> > >>>>>> 4) Build the site for a multi-module project: > >>>>>> > >>>>>> mvn site > >>>>>> mvn site:stage > >>>>>> Check the site reports in: > >>>>>> target\site\index.html > >>>>> > >>>>> [Windows only] > >>>>> > >>>>> > >>>> I added a Linux version in git master. > >>>> > >>>> Gary > >>>> > >>>>> --------------------------------------------------------------------- > >>>>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > >>>>> For additional commands, e-mail: dev-h...@commons.apache.org > >>>>> > >>>>> > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > >>> For additional commands, e-mail: dev-h...@commons.apache.org > >>> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
