Looks like some of the non-blockers are things I didn’t notice before (like the user’s guide). I suppose I assumed that the site build automatically added links to the new release, though that only seems to be for the download page. I can update this in git (though it might require a second release candidate to stage the site unless there’s a way to regenerate that from master).
That FindBugs warning on Blake3 is worrying about unsigned shifts being converted to signed data, but that’s a Java limitation (byte is signed; no unsigned version available) and not a problem in practice (i.e., this is intentional: the method is to encode an integer into little endian as all the Salsa/ChaCha-related cryptography code uses little endian encodings). I can rename the tag to match the proper convention, though it’d still be the lowercase version in the pom file if that’s a problem. As for the javadoc copyright year, do you know where this gets specified? I figured it was auto-generated at build time. — Matt Sicker > On Jan 22, 2022, at 08:10, Gary Gregory <garydgreg...@gmail.com> wrote: > > Thank you for cutting the RC! :-) > > Maybe blocker: > > The Javadoc end copyright year is 2020 instead of 2022. > > Not blockers: > > The git tag name does not match the instructions below so the git clone > command fails (upper case instructions, lower case in actuality). > > New Blake3 class has a FindBugs style issue. > > Build uses FindBugs instead of SpotBugs. > > The site overview page does not include this release. > > The site left hand menu does not include a 1.16 link. In other sites, like > Lang, I've done away with a Javadoc laundry list of version and replaced it > with a single link to "Javadoc Archives". > > The user's guide could include a reference the new Blake3 code. > > Gary > > > On Sat, Jan 22, 2022, 00:34 Matt Sicker <boa...@gmail.com> wrote: > >> We have fixed quite a few bugs and added some significant enhancements >> since Apache Commons Codec 1.15 was released, so I would like to release >> Apache Commons Codec 1.16. >> >> Apache Commons Codec 1.16 RC1 is available for review here: >> https://dist.apache.org/repos/dist/dev/commons/codec/1.16-RC1 (svn >> revision 52215) >> >> The Git tag commons-codec-1.16-RC1 commit for this RC is >> a7af6b2159c8868899608a5fe89228c50ab985a5 which you can browse here: >> >> https://gitbox.apache.org/repos/asf?p=commons-codec.git;a=commit;h=a7af6b2159c8868899608a5fe89228c50ab985a5 >> You may checkout this tag using: >> git clone https://gitbox.apache.org/repos/asf/commons-codec.git >> --branch commons-codec-1.16-RC1 commons-codec-1.16-RC1 >> >> Maven artifacts are here: >> >> https://repository.apache.org/content/repositories/orgapachecommons-1577/org/apache/commons/commons-codec/1.16/ >> >> These are the artifacts and their hashes: >> >> #Release SHA-512s >> #Fri Jan 21 23:21:15 CST 2022 >> >> commons-codec-1.16-bin.tar.gz=eb7721c3d4200531f5b403130ae5ebdbe2d4819ac65204feec403fe47af77182a499625649d6f54cd15240e9b65b193b66acbe450a6823162de6317c418050ba >> >> commons-codec-1.16-bin.tar.gz.asc=6e0cb2c1da47b40169ea7862c797797083a983ea6a4bf171c4465870c6383c61e3fe63effe4ca5211ec6210299ba7b2b1de5c39eebc2fdcaa3cf29560ba0549e >> >> commons-codec-1.16-bin.zip=018005d512dfbff989edad012b35c76aea1785fa7812e7a04bd718d0bd7146723e5d66d5ad4b0adf4b2c7d02f8c889b0aaa79277a8529f747afe238e9eb091bf >> >> commons-codec-1.16-bin.zip.asc=bc4e43ba5b4b430097be7ce308ed7f94f22911bc50fe2f0feb25cccb2e955933551441a003dfe6641e3b9e4f12e3027c2db91fb5396b405db98a42b4ea996032 >> >> commons-codec-1.16-javadoc.jar=dfd2b2646ef591173816040b261cb8cac68e3e908c10e0f7213d805e976d0eebb94472f57e52d437ef4fbc77e92eb4c93dad1f6d92ef56d0d4cb2412640975c7 >> >> commons-codec-1.16-javadoc.jar.asc=ec7440b05ad5b33068410d8fcde3dcdccabe04cb7effcbb0e7c2536e92ae3710da7ee75818addaef29736a30d6bef68dd46a51bb03e2f1bce3a1d97894e71ead >> >> commons-codec-1.16-sources.jar=55eb10a84c84941b9a2719933107a8af8e44a129af67bf468fa85d51ce0e09320c853171bed853afa94bea483b0c7af25891f43a6feff3eedf99eacdd128373e >> >> commons-codec-1.16-sources.jar.asc=abc17643af9d174d3ae289d114c5c9f653ee008433ac1bc6071f76c0db0b8252bc5684506c79031f5e37f610ca505757651900636fec7c74fc7adc7c84c4941b >> >> commons-codec-1.16-src.tar.gz=02e2bf6ea4c9e6b94360ecfd29e64e50aa163cee99a692d7bbf62ebd8be456f685668fcb4b96bbbc90fb4210d0b84990680ef113a938f9183c9d7c9a61f69029 >> >> commons-codec-1.16-src.tar.gz.asc=7d1504fae72360c8f3e912d9aec231208155dc5ea5f537aed87865ddbd754141555a1fa574b55e5e8baefac55a2f644999355485e8916ebe906fe250ed7ef364 >> >> commons-codec-1.16-src.zip=6f35f8473cbb8b34aa6fa33981e322eb43c968c18008d943369cfaa2cf24c21867bcb9f913d7f2eca7e59b8c3bf56954cde308f460efd1aacb606e2268b66f44 >> >> commons-codec-1.16-src.zip.asc=fef5c944f81caab240e2b806e0aa2fac197d17af82a1da65b03391d6740ddca68cfcaefa235e2dad0fd4aba13bb7c4fdcd14ff8b68df2b921f2a2bb19ae73e18 >> >> commons-codec-1.16-test-sources.jar=d4b0178c57cf403da0a8c0eb3f3c0edb76d261394a7e2a790ee395d4d9642a4442e72d19275aaf8eb326684f10341e6b4b51c6658d56a7c7928147b30b4d64d3 >> >> commons-codec-1.16-test-sources.jar.asc=0bc8219592f9ad1155af4e58c00b59e1a2dfc7588865772f1fb05b1758639d0d1a3206a6acd80a5d355a01eced51c81e040a50036778b38eba5a2d0f5bc40f6f >> >> commons-codec-1.16-tests.jar=7eb018ef12f81d5970379e3c7b811a4ab995725430d80b85316552e3397231128d90e44598091d7633f82d8ff0fd7aa8ab54a019c8266e35d150b864d5027f5a >> >> commons-codec-1.16-tests.jar.asc=4a91166371f95d29b19ad69db669c5173b51771c17a224d1507c3142f2222297459f214e5abd0cde9d710eff9a8111313344b02e12f6454f24eead93ded8654d >> >> commons-codec-1.16.jar.asc=faddf526aa97da01b521e50ec1ff10493f769ea9cd87cc498a4bbfea8c12c9a4c319d1e8cd2c501e76fa7088ab05374a1ad4690076471ec4ac4d2ecb7b812572 >> >> commons-codec-1.16.pom.asc=e40299d8c67c85ebcbd1d0fa1d91804f5061307e442c8ed93549e1976a1c13bbebb22eae2626ca21e13e473f68f646cfb5a59b59b3df1316affd25728242013b >> >> >> (no need for .asc hashes!) >> >> I have tested this with ***'mvn clean install site'*** using: >> Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f) >> Maven home: /opt/apache-maven-3.6.3 >> Java version: 1.8.0_312, vendor: Azul Systems, Inc., runtime: >> /Library/Java/JavaVirtualMachines/zulu-8.jdk/Contents/Home/jre >> Default locale: en_US, platform encoding: UTF-8 >> OS name: "mac os x", version: "12.1", arch: "aarch64", family: “mac" >> >> Details of changes since 1.15 are in the release notes: >> >> https://dist.apache.org/repos/dist/dev/commons/codec/1.16-RC1/RELEASE-NOTES.txt >> >> https://dist.apache.org/repos/dist/dev/commons/codec/1.16-RC1/site/changes-report.html >> >> Site: >> >> https://dist.apache.org/repos/dist/dev/commons/codec/1.16-RC1/site/index.html >> (note some *relative* links are broken and the 1.16 directories are >> not yet created - these will be OK once the site is deployed.) >> >> RAT Report: >> >> https://dist.apache.org/repos/dist/dev/commons/codec/1.16-RC1/site/rat-report.html >> >> KEYS: >> https://www.apache.org/dist/commons/KEYS >> >> Please review the release candidate and vote. >> This vote will close no sooner that 72 hours from now. >> >> [ ] +1 Release these artifacts >> [ ] +0 OK, but... >> [ ] -0 OK, but really should fix... >> [ ] -1 I oppose this release because... >> >> Thank you, >> >> Matt Sicker, >> Release Manager (using key 748F15B2CF9BA8F024155E6ED7C92B70FA1C814D) >> >> For following is intended as a helper and refresher for reviewers. >> >> Validating a release candidate >> ============================== >> >> These guidelines are NOT complete. >> >> Requirements: Git, Java, Maven. >> >> You can validate a release from a release candidate (RC) tag as follows. >> >> 1) Clone and checkout the RC tag >> >> git clone https://gitbox.apache.org/repos/asf/commons-codec.git --branch >> commons-codec-1.16-RC1 commons-codec-1.16-RC1 >> cd commons-codec-1.16-RC1 >> >> 2) Check Apache licenses >> >> This step is not required if the site includes a RAT report page which you >> then must check. >> >> mvn apache-rat:check >> >> 3) Check binary compatibility >> >> Older components still use Apache Clirr: >> >> This step is not required if the site includes a Clirr report page which >> you then must check. >> >> mvn clirr:check >> >> Newer components use JApiCmp with the japicmp Maven Profile: >> >> This step is not required if the site includes a JApiCmp report page which >> you then must check. >> >> mvn install -DskipTests -P japicmp japicmp:cmp >> >> 4) Build the package >> >> mvn -V clean package >> >> You can record the Maven and Java version produced by -V in your VOTE >> reply. >> To gather OS information from a command line: >> Windows: ver >> Linux: uname -a >> >> 5) Build the site for a single module project >> >> Note: Some plugins require the components to be installed instead of >> packaged. >> >> mvn site >> Check the site reports in: >> - Windows: target\site\index.html >> - Linux: target/site/index.html >> >> 6) Build the site for a multi-module project >> >> mvn site >> mvn site:stage >> Check the site reports in: >> - Windows: target\site\index.html >> - Linux: target/site/index.html >> >> -the end- >> >> — >> Matt Sicker >> >>
