This vote passes with the following +1 binding votes:

- Gary Gregory (ggregory)
- Rob Tompkins (chtompki)
- Arnout Engelen (engelen)

TY all,
Gary

On Mon, Jan 27, 2025 at 11:26 AM Arnout Engelen <enge...@apache.org> wrote:
>
> I have:
> * checked out git tag commons-codec-1.18.0-RC1
> * verified it corresponds to a38de9528197b2d01e5b6c9b2e0af3a624cff017
> * downloaded source zip and tgz
> * verified the hashes match
> 079876efff8534650c6e9a5a207b7cc6b93d5c42f928f6c789279466eb1d82270ffa756300d0d0a91b24cf3cb0c029417e3fb043fd007d94625065b4225e45b2
> and
> a14ce4498905fa0de67b7ba65faf75c770e7cdad4860ea14205781372c8777669fb562aab15c682385196a895895a6751b81d893ba4af6e01efb713970449227
> * verified there are no meaningful differences between the tgz and git
> * verified .zip and .tgz are signed by Gary's key from
> https://downloads.apache.org/commons/KEYS
> * checked 'mvn apache-rat:check' succeeds
> * built with Java 21.0.5 and ran
>   "mvn -Dreference.repo=https://repository.apache.org/content/repositories/orgapachecommons-1807 verify artifact:compare",
>   only the spdx (expectedly) mismatched
> * I did not test the artifacts against any project
>
> This is my +1
>
> On Fri, Jan 24, 2025 at 3:47 PM Gary Gregory <garydgreg...@gmail.com> wrote:
>
> > We have added two methods to support Apache Jackrabbit's migration
> > from Guava since Apache Commons Codec 1.17.1 was released, so I would
> > like to release Apache Commons Codec 1.18.0.
> >
> > Apache Commons Codec 1.18.0 RC1 is available for review here:
> >     https://dist.apache.org/repos/dist/dev/commons/codec/1.18.0-RC1
> > (svn revision 74407)
> >
> > The Git tag commons-codec-1.18.0-RC1 commit for this RC is
> > a38de9528197b2d01e5b6c9b2e0af3a624cff017 which you can browse here:
> >
> > https://gitbox.apache.org/repos/asf?p=commons-codec.git;a=commit;h=a38de9528197b2d01e5b6c9b2e0af3a624cff017
> > You may check out this tag using:
> >     git clone https://gitbox.apache.org/repos/asf/commons-codec.git --branch commons-codec-1.18.0-RC1 commons-codec-1.18.0-RC1
> >
> > Maven artifacts are here:
> >
> > https://repository.apache.org/content/repositories/orgapachecommons-1807/commons-codec/commons-codec/1.18.0/
> >
> > These are the artifacts and their hashes:
> >
> > I have tested this with
> > - mvn
> > - mvn -e -V -P release -P test-deploy -P jacoco -P japicmp clean package site deploy
> > - mvn clean verify artifact:compare -DskipTests -Dreference.repo=https://repository.apache.org/content/repositories/staging/ '-Dbuildinfo.ignore=*/*.spdx.json'
> >
> > openjdk version "21.0.6" 2025-01-21
> > OpenJDK Runtime Environment Homebrew (build 21.0.6)
> > OpenJDK 64-Bit Server VM Homebrew (build 21.0.6, mixed mode, sharing)
> >
> > Apache Maven 3.9.9 (8e8579a9e76f7d015ee5ec7bfcdc97d260186937)
> > Maven home: /opt/homebrew/Cellar/maven/3.9.9/libexec
> > Java version: 21.0.6, vendor: Homebrew, runtime:
> > /opt/homebrew/Cellar/openjdk@21/21.0.6/libexec/openjdk.jdk/Contents/Home
> > Default locale: en_US, platform encoding: UTF-8
> > OS name: "mac os x", version: "15.2", arch: "aarch64", family: "mac"
> >
> > Darwin ****.local 24.2.0 Darwin Kernel Version 24.2.0: Fri Dec  6
> > 19:03:40 PST 2024; root:xnu-11215.61.5~2/RELEASE_ARM64_T6041 arm64
> > Docker version 27.3.1, build ce12230
> >
> >
> > Details of changes since 1.17.1 are in the release notes:
> >
> > https://dist.apache.org/repos/dist/dev/commons/codec/1.18.0-RC1/RELEASE-NOTES.txt
> >
> > https://dist.apache.org/repos/dist/dev/commons/codec/1.18.0-RC1/site/changes.html
> >
> > Site:
> >
> > https://dist.apache.org/repos/dist/dev/commons/codec/1.18.0-RC1/site/index.html
> >     (note some *relative* links are broken and the 1.18.0 directories
> > are not yet created - these will be OK once the site is deployed.)
> >
> > JApiCmp Report (compared to 1.17.1):
> >
> > https://dist.apache.org/repos/dist/dev/commons/codec/1.18.0-RC1/site/japicmp.html
> >
> > RAT Report:
> >
> > https://dist.apache.org/repos/dist/dev/commons/codec/1.18.0-RC1/site/rat-report.html
> >
> > KEYS:
> >   https://downloads.apache.org/commons/KEYS
> >
> > Please review the release candidate and vote.
> > This vote will close no sooner than 72 hours from now.
> >
> >   [ ] +1 Release these artifacts
> >   [ ] +0 OK, but...
> >   [ ] -0 OK, but really should fix...
> >   [ ] -1 I oppose this release because...
> >
> > Thank you,
> >
> > Gary Gregory,
> > Release Manager (using key 86fdc7e2a11262cb)
> >
> > The following is intended as a helper and refresher for reviewers.
> >
> > Validating a release candidate
> > ==============================
> >
> > These guidelines are NOT complete.
> >
> > Requirements: Git, Java, and Maven.
> >
> > You can validate a release from a release candidate (RC) tag as follows.
> >
> > 1a) Download and decompress the source archive from:
> >
> > https://dist.apache.org/repos/dist/dev/commons/codec/1.18.0-RC1/source
> >
> > 1b) Check out the RC tag from git (optional)
> >
> > This is optional, as a reviewer must check source distributions as a
> > minimum.
> >
> > git clone https://gitbox.apache.org/repos/asf/commons-codec.git --branch commons-codec-1.18.0-RC1 commons-codec-1.18.0-RC1
> > cd commons-codec-1.18.0-RC1
> >
> > 2) Checking the build
> >
> > All components should include a default Maven goal, such that you can
> > run 'mvn' from the command line by itself.
> >
> > 2) Check Apache licenses
> >
> > This step is not required if the site includes a RAT report page which
> > you then must check.
> > This check should be included in the default Maven build, but you can
> > check it with:
> >
> > mvn apache-rat:check
> >
> > 3) Check binary compatibility
> >
> > This step is not required if the site includes a JApiCmp report page
> > which you then must check.
> > This check should be included in the default Maven build, but you can
> > check it with:
> >
> > mvn verify -DskipTests -P japicmp japicmp:cmp
> >
> > 4) Build the package
> >
> > This check should be included in the default Maven build, but you can
> > check it with:
> >
> > mvn -V clean package
> >
> > You can record the Maven and Java version produced by -V in your VOTE
> > reply.
> > To gather OS information from a command line:
> > Windows: ver
> > Linux: uname -a
> >
> > 4b) Check reproducibility
> >
> > To check that a build is reproducible, run:
> >
> > mvn clean verify artifact:compare -DskipTests -Dreference.repo=https://repository.apache.org/content/repositories/staging/ '-Dbuildinfo.ignore=*/*.spdx.json'
> >
> > Note that this excludes SPDX files from the check.
> >
> > 5) Build the site for a single module project
> >
> > Note: Some plugins require the components to be installed instead of
> > packaged.
> >
> > mvn site
> > Check the site reports in:
> > - Windows: target\site\index.html
> > - Linux: target/site/index.html
> >
> > -the end-
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> > For additional commands, e-mail: dev-h...@commons.apache.org
> >
> >
>
> --
> Arnout Engelen
> ASF Security Response
> Apache Pekko PMC member, ASF Member
> NixOS Committer
> Independent Open Source consultant
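
Added example (not part of the original thread or of the Apache Commons release tooling): the "verified the hashes match" step from the review above, as a POSIX shell function that checks every artifact in a directory against a `name=sha512` listing of the kind the release manager posts with a vote. The function names and the sample artifact are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify artifacts against a "name=sha512" listing.
# Function names and the sample file below are constructed for illustration.

# Print the SHA-512 of a file using whichever tool is installed.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | cut -d' ' -f1
    else
        shasum -a 512 "$1" | cut -d' ' -f1
    fi
}

# verify_listing LISTING DIR
# Returns 0 only if every listed artifact exists in DIR and its hash matches.
verify_listing() {
    listing=$1; dir=$2; failed=0; checked=0
    while IFS='=' read -r name expected || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac   # skip blank and comment lines
        checked=$((checked + 1))
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; failed=1; continue
        fi
        actual=$(sha512_of "$dir/$name")
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; failed=1
        fi
    done < "$listing"
    # A listing with no entries verifies nothing, so treat it as a failure.
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Constructed demo: one sample artifact and its listing in a temp directory.
demo_dir=$(mktemp -d)
printf 'constructed sample artifact\n' > "$demo_dir/sample-src.zip"
printf '#Release SHA-512s\nsample-src.zip=%s\n' \
    "$(sha512_of "$demo_dir/sample-src.zip")" > "$demo_dir/sha512.properties"
verify_listing "$demo_dir/sha512.properties" "$demo_dir"
```

A matching hash only shows the download is the file that was listed; the signature check against the KEYS file, which the review also performs, is what ties the artifact to the release manager.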