This vote passes with the following +1 binding votes: - Gary Gregory (ggregory) - Rob Tompkins (chtompki) - Arnout Engelen (engelen)
TY all, Gary On Mon, Jan 27, 2025 at 11:05 AM Arnout Engelen <enge...@apache.org> wrote: > > I have: > * checked out git tag commons-pool-2.12.1-RC3 > * verified it corresponds to 63610d0aa8f8409850c5a85bfadb002d7578f411 > * downloaded source zip and tgz > * verified the hashes match > 0fb56dbc9c74c67853c87da7ec499885086267a3f5a7dcf1aaf22254d2ec7408fce867b542340f2a75638bd709cb55a37650969b79aec2c5a06920a329889454 > and > 709edcfb436f1bf1e646a6e0e03aa4da05d60916393c2fa58d41b787d639eb64e316d7ab8c7d7ee10376d53f9ed3b5244b46deb4110373acb6d1149cb4c70e5a > * verified there are no meaningful differences between the tgz and git > (though it's weird src/assembly is missing from the tgz) > * verified .zip and .tgz are signed by Gary's key from > https://downloads.apache.org/commons/KEYS > * checked 'mvn' succeeds > * built with Java 21.0.5 and ran the 'mvn -Dreference.repo= > https://repository.apache.org/content/repositories/orgapachecommons-1806 > verify artifact:compare' command from the instructions - only the SPDX > mismatched. > * ran 'mvn assembly:single'. this reproduced the -src packages exactly, the > -bin packages were different (but I haven't analyzed the differences in > depth) > * checked that the testsuite of a number of openmeetings components still > succeeds against this new version > This is my +1 > > On Wed, Jan 22, 2025 at 2:49 PM Gary Gregory <garydgreg...@gmail.com> wrote: > > > We have fixed a few bugs since Apache Commons Pool 2.12.0 was > > released, so I would like to release Apache Commons Pool 2.12.1. > > > > *The only difference between RC2 and RC3 is to fix the site's download > > link in the right-hand side menu.* > > > > Apache Commons Pool 2.12.1 RC3 is available for review here: > > https://dist.apache.org/repos/dist/dev/commons/pool/2.12.1-RC3 > > (svn revision 74365) > > > > The Git tag commons-pool-2.12.1-RC3 commit for this RC is > > 63610d0aa8f8409850c5a85bfadb002d7578f411 which you can browse here: > > > > https://gitbox.apache.org/repos/asf?p=commons-pool.git;a=commit;h=63610d0aa8f8409850c5a85bfadb002d7578f411 > > You may checkout this tag using: > > git clone https://gitbox.apache.org/repos/asf/commons-pool.git > > --branch <https://gitbox.apache.org/repos/asf/commons-pool.git--branch> > > commons-pool-2.12.1-RC3 commons-pool-2.12.1-RC3 > > > > Maven artifacts are here: > > > > https://repository.apache.org/content/repositories/orgapachecommons-1806/org/apache/commons/commons-pool2/2.12.1/ > > > > These are the artifacts and their hashes: > > > > #Release SHA-512s > > #Wed Jan 22 13:43:06 UTC 2025 > > > > commons-pool2-2.12.1-bin.tar.gz=df094ba79c03941421641569a16f501ba6740730c3de199adeef6e703521c7a94c4ccbf799cfa08a1761de92012fca014551d5dd1ec4f6cc2d6e1fac7aa26f46 > > > > commons-pool2-2.12.1-bin.zip=cf8a60ce6a7312f1f61d245d2379ec9c5337e1887c5265bf5b45fe77b4438fdeea3b5dd47069f066bb2e5fb86a9ecc881ca9449e30d06fadba43b2d89f51f4ca > > > > commons-pool2-2.12.1-bom.json=365460af3c2bf33eec17604e5b41bb98333eed8a9699f5335546f66938b3fefe8262e6c74cfbac4ab99b22643e9077addd070da79ee8728e99f5bea226621431 > > > > commons-pool2-2.12.1-bom.xml=97fb9114ba6c507f094fa8bc96f34a314ff68320d7113634e21e2687be8b13ee053bbf3b8da83de3f6ba5f1366398ce8f8b18b5e253e329f0a9174bd54da3f96 > > > > commons-pool2-2.12.1-javadoc.jar=932fb01b54b03ea3a136ce760f5fcb16c5588b2f01b4dc89b377facc6a3dc2a30b6eb0c9b956b16554f5f05d30e62cf8bb3b31c6e981afc738b56f8ed75f9562 > > > > commons-pool2-2.12.1-sources.jar=8ece356dc3e4f435d562c87d3fcd9080fd2ec8e7ba28df18b055e7f54a28f612626f007b447b35cc65c3dc77036507d91cd1394f468bc9ad66fcd85111058042 > > > > commons-pool2-2.12.1-src.tar.gz=0fb56dbc9c74c67853c87da7ec499885086267a3f5a7dcf1aaf22254d2ec7408fce867b542340f2a75638bd709cb55a37650969b79aec2c5a06920a329889454 > > > > commons-pool2-2.12.1-src.zip=709edcfb436f1bf1e646a6e0e03aa4da05d60916393c2fa58d41b787d639eb64e316d7ab8c7d7ee10376d53f9ed3b5244b46deb4110373acb6d1149cb4c70e5a > > > > commons-pool2-2.12.1-test-sources.jar=9b7c45749655c23fc4116ffb0a93f8f5261d66d53ae44fb4d43071961e0c83e963a1d1ec90d4e8ca1e85107ca454548bede99e5d693e20a63644baa4e8396419 > > > > commons-pool2-2.12.1-tests.jar=790cd2edf2af7732c2c6443a9a888d1f5a268d7f7b9f0d2b991335b0280ef49e07509c90674357ee89b51bc4735713039d084745f90098899af7eab649716f66 > > > > org.apache.commons_commons-pool2-2.12.1.spdx.json=18a901cee06262aac955666fa26562c22621cbca14f7901bf75b8a88d625c68d3504cd70695afe3c76fe0f4977960d8e18229c0d58577f736cfe91ff68342f18 > > > > > > I have tested this with > > - mvn > > - mvn -e -V -P release -P test-deploy -P jacoco -P japicmp clean > > package site deploy > > - mvn clean verify artifact:compare -DskipTests > > -Dreference.repo= > > https://repository.apache.org/content/repositories/staging/ > > '-Dbuildinfo.ignore=*/*.spdx.json'\ > > > > Using: > > > > openjdk version "21.0.5" 2024-10-15 > > OpenJDK Runtime Environment Homebrew (build 21.0.5) > > OpenJDK 64-Bit Server VM Homebrew (build 21.0.5, mixed mode, sharing) > > > > Apache Maven 3.9.9 (8e8579a9e76f7d015ee5ec7bfcdc97d260186937) > > Maven home: /opt/homebrew/Cellar/maven/3.9.9/libexec > > Java version: 21.0.5, vendor: Homebrew, runtime: > > /opt/homebrew/Cellar/openjdk@21/21.0.5/libexec/openjdk.jdk/Contents/Home > > Default locale: en_US, platform encoding: UTF-8 > > OS name: "mac os x", version: "15.2", arch: "aarch64", family: "mac" > > > > Details of changes since 2.12.0 are in the release notes: > > > > https://dist.apache.org/repos/dist/dev/commons/pool/2.12.1-RC3/RELEASE-NOTES.txt > > > > https://dist.apache.org/repos/dist/dev/commons/pool/2.12.1-RC3/site/changes.html > > > > Site: > > > > https://dist.apache.org/repos/dist/dev/commons/pool/2.12.1-RC3/site/index.html > > (note some *relative* links are broken and the 2.12.1 directories > > are not yet created - these will be OK once the site is deployed.) > > > > JApiCmp Report (compared to 2.12.0): > > > > https://dist.apache.org/repos/dist/dev/commons/pool/2.12.1-RC3/site/japicmp.html > > > > RAT Report: > > > > https://dist.apache.org/repos/dist/dev/commons/pool/2.12.1-RC3/site/rat-report.html > > > > KEYS: > > https://downloads.apache.org/commons/KEYS > > > > Please review the release candidate and vote. > > This vote will close no sooner than 72 hours from now. > > > > [ ] +1 Release these artifacts > > [ ] +0 OK, but... > > [ ] -0 OK, but really should fix... > > [ ] -1 I oppose this release because... > > > > Thank you, > > > > Gary Gregory, > > Release Manager (using key 86fdc7e2a11262cb) > > > > The following is intended as a helper and refresher for reviewers. > > > > Validating a release candidate > > ============================== > > > > These guidelines are NOT complete. > > > > Requirements: Git, Java, and Maven. > > > > You can validate a release from a release candidate (RC) tag as follows. > > > > 1a) Download and decompress the source archive from: > > > > https://dist.apache.org/repos/dist/dev/commons/pool/2.12.1-RC3/source > > > > 1b) Check out the RC tag from git (optional) > > > > This is optional, as a reviewer must check source distributions as a > > minimum. > > > > git clone https://gitbox.apache.org/repos/asf/commons-pool.git > > --branch commons-pool-2.12.1-RC3 commons-pool-2.12.1-RC3 > > cd commons-pool-2.12.1-RC3 > > > > 2) Checking the build > > > > All components should include a default Maven goal, such that you can > > run 'mvn' from the command line by itself. > > > > 2) Check Apache licenses > > > > This step is not required if the site includes a RAT report page which > > you then must check. > > This check should be included in the default Maven build, but you can > > check it with: > > > > mvn apache-rat:check > > > > 3) Check binary compatibility > > > > This step is not required if the site includes a JApiCmp report page > > which you then must check. > > This check should be included in the default Maven build, but you can > > check it with: > > > > mvn verify -DskipTests -P japicmp japicmp:cmp > > > > 4) Build the package > > > > This check should be included in the default Maven build, but you can > > check it with: > > > > mvn -V clean package > > > > You can record the Maven and Java version produced by -V in your VOTE > > reply. > > To gather OS information from a command line: > > Windows: ver > > Linux: uname -a > > > > 4b) Check reproducibility > > > > To check that a build is reproducible, run: > > > > mvn clean verify artifact:compare -DskipTests > > -Dreference.repo= > > https://repository.apache.org/content/repositories/staging/ > > '-Dbuildinfo.ignore=*/*.spdx.json' > > > > Note that this excludes SPDX files from the check. > > > > 5) Build the site for a single module project > > > > Note: Some plugins require the components to be installed instead of > > packaged. > > > > mvn site > > Check the site reports in: > > - Windows: target\site\index.html > > - Linux: target/site/index.html > > > > -the end- > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > -- > Arnout Engelen > ASF Security Response > Apache Pekko PMC member, ASF Member > NixOS Committer > Independent Open Source consultant --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
