This vote passes with the following binding +1s:

- Gary Gregory (ggregory)
- Rob Tompkins (chtompki)
- Arnout Engelen (engelen)

TY all,
Gary

On Mon, May 26, 2025 at 12:55 PM Arnout Engelen <enge...@apache.org> wrote:
>
> I checked:
> * 1.2.0-M2 corresponds to a75dde28fe9e340a2f89c349f05a4ee5281417be
> * sha512 of the 2 source archives match
> a64cd4d283ca0afa2351ee208de5617fe568e885ea764fd52037e91714a4a1f3ffbe10217a520d1d89722acf0a31576144b71a49c13bd10fe03689a7565a1a82
> and 
> d9326c635bc316465e47a38a894635e192b069576a07163749bf2969f9096912ddc714264e3ecab05b4cee9d08ddbed3e27e76cf119684673a182aa291211c90
> * No relevant differences between git and the 2 archives
> * Both source archives are signed by Gary's key from KEYS
> * 'mvn' succeeds
> * the staged artifacts reproduce when ignoring the CycloneDX SBOMs and
> building with jdk21
>
> I only spot-checked the code changes relative to M2.
>
> This is my +1
>
> Versions used:
> Apache Maven 3.9.9 (8e8579a9e76f7d015ee5ec7bfcdc97d260186937)
> Maven home: /nix/store/jpzwha9v268cka0vnfyi3i4jy5jflqnh-maven-3.9.9/maven
> Java version: 21.0.7, vendor: N/A, runtime: /nix/store/qagnl38l96xcbx17ll0v9zswhcl1nqw6-openjdk-21.0.7+6/lib/openjdk
> Default locale: en_DK, platform encoding: UTF-8
> OS name: "linux", version: "6.12.22", arch: "amd64", family: "unix"
>
> On Fri, May 9, 2025 at 3:02 AM Gary Gregory <ggreg...@apache.org> wrote:
> >
> > We have fixed a few bugs and added enhancements since Apache Commons
> > FileUpload 2.0.0-M2 was released, so I would like to release Apache
> > Commons FileUpload 2.0.0-M3.
> >
> > Apache Commons FileUpload 2.0.0-M3 RC1 is available for review here:
> >     https://dist.apache.org/repos/dist/dev/commons/fileupload/2.0.0-M3-RC1
> > (svn revision 76739)
> >
> > The Git tag commons-fileupload-2.0.0-M3-RC1 commit for this RC is
> > a75dde28fe9e340a2f89c349f05a4ee5281417be which you can browse here:
> >     https://gitbox.apache.org/repos/asf?p=commons-fileupload.git;a=commit;h=a75dde28fe9e340a2f89c349f05a4ee5281417be
> > You may checkout this tag using:
> >     git clone https://gitbox.apache.org/repos/asf/commons-fileupload.git --branch commons-fileupload-2.0.0-M3-RC1 commons-fileupload-2.0.0-M3-RC1
> >
> > Maven artifacts are here:
> >     https://repository.apache.org/content/repositories/orgapachecommons-1834/org/apache/commons/
> >
> > These are the artifacts and their hashes:
> >
> > ${commons.sha512list}
> >
> >
> > I have tested this with 'mvn' and 'mvn clean site' using:
> >
> > Details of changes since 2.0.0-M2 are in the release notes:
> >     https://dist.apache.org/repos/dist/dev/commons/fileupload/2.0.0-M3-RC1/RELEASE-NOTES.txt
> >     https://dist.apache.org/repos/dist/dev/commons/fileupload/2.0.0-M3-RC1/site/changes.html
> >
> > Site:
> >     https://dist.apache.org/repos/dist/dev/commons/fileupload/2.0.0-M3-RC1/site/index.html
> >     (note some *relative* links are broken and the 2.0.0-M3
> > directories are not yet created - these will be OK once the site is
> > deployed.)
> >
> > JApiCmp Report: There is no report because this is a milestone to a
> > new major release with a new package name.
> >
> > RAT Report:
> >     https://dist.apache.org/repos/dist/dev/commons/fileupload/2.0.0-M3-RC1/site/rat-report.html
> >
> > KEYS:
> >   https://downloads.apache.org/commons/KEYS
> >
> > Please review the release candidate and vote.
> > This vote will close no sooner than 72 hours from now.
> >
> >   [ ] +1 Release these artifacts
> >   [ ] +0 OK, but...
> >   [ ] -0 OK, but really should fix...
> >   [ ] -1 I oppose this release because...
> >
> > Thank you,
> >
> > Gary Gregory,
> > Release Manager (using key 86fdc7e2a11262cb)
> >
> > The following is intended as a helper and refresher for reviewers.
> >
> > Validating a release candidate
> > ==============================
> >
> > These guidelines are NOT complete.
> >
> > Requirements: Git, Java, and Maven.
> >
> > You can validate a release from a release candidate (RC) tag as follows.
> >
> > 1a) Download and decompress the source archive from:
> >
> > https://dist.apache.org/repos/dist/dev/commons/fileupload/2.0.0-M3-RC1/source
> >
> > 1b) Check out the RC tag from git (optional)
> >
> > This is optional, as a reviewer must check source distributions as a minimum.
> >
> > git clone https://gitbox.apache.org/repos/asf/commons-fileupload.git --branch commons-fileupload-2.0.0-M3-RC1 commons-fileupload-2.0.0-M3-RC1
> > cd commons-fileupload-2.0.0-M3-RC1
> >
> > 2) Checking the build
> >
> > All components should include a default Maven goal, such that you can
> > run 'mvn' from the command line by itself.
> >
> > 2) Check Apache licenses
> >
> > This step is not required if the site includes a RAT report page which
> > you then must check.
> > This check should be included in the default Maven build, but you can
> > check it with:
> >
> > mvn apache-rat:check
> >
> > 3) Check binary compatibility
> >
> > This step is not required if the site includes a JApiCmp report page
> > which you then must check.
> > This check should be included in the default Maven build, but you can
> > check it with:
> >
> > mvn verify -DskipTests -P japicmp japicmp:cmp
> >
> > 4) Build the package
> >
> > This check should be included in the default Maven build, but you can
> > check it with:
> >
> > mvn -V clean package
> >
> > You can record the Maven and Java version produced by -V in your VOTE reply.
> > To gather OS information from a command line:
> > Windows: ver
> > Linux: uname -a
> >
> > 4b) Check reproducibility
> >
> > To check that a build is reproducible, run:
> >
> > mvn clean verify artifact:compare -DskipTests -Dreference.repo=https://repository.apache.org/content/repositories/staging/ '-Dbuildinfo.ignore=*/*.spdx.json'
> >
> > Note that this excludes SPDX files from the check.
> >
> > 5) Build the site for a single module project
> >
> > Note: Some plugins require the components to be installed instead of packaged.
> >
> > mvn site
> > Check the site reports in:
> > - Windows: target\site\index.html
> > - Linux: target/site/index.html
> >
> > 6) Build the site for a multi-module project
> >
> > mvn site
> > mvn site:stage
> > Check the site reports in:
> > - Windows: target\site\index.html
> > - Linux: target/site/index.html
> >
> > Note that the project reports are created for each module.
> > Modules can be accessed using the 'Project Modules' link under
> > the 'Project Information' menu (see <path-to-site>/modules.html).
> >
> > -the end-
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> > For additional commands, e-mail: dev-h...@commons.apache.org
> >
>
>
> --
> Arnout Engelen
> ASF Security Response
> Apache Pekko PMC member, ASF Member
> NixOS Committer
> Independent Open Source consultant

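The checksum check and the git-versus-archive comparison reported in the reply above, as an added shell example that is not part of the original thread or of Apache Commons tooling. The function names `sha512_of`, `verify_sha512`, `tree_manifest` and `changed_paths` are hypothetical, and the two directories are assumed to be an unpacked source archive and a checkout of the RC tag.

```shell
#!/bin/sh
# Added example, not project tooling. All function names are hypothetical.

# Print the SHA-512 hex digest of FILE (coreutils sha512sum, else shasum).
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | cut -d' ' -f1
    else
        shasum -a 512 "$1" | cut -d' ' -f1
    fi
}

# verify_sha512 FILE EXPECTED_HEX
# 0 = match, 1 = mismatch, 2 = EXPECTED_HEX is not 128 hex digits
# (for instance an unexpanded template placeholder or a truncated paste).
verify_sha512() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in *[!0-9a-f]*) expected= ;; esac
    [ "${#expected}" -eq 128 ] || { echo "unusable digest for $1" >&2; return 2; }
    [ "$(sha512_of "$1")" = "$expected" ] || { echo "MISMATCH: $1" >&2; return 1; }
}

# tree_manifest DIR
# One "digest  ./relative/path" line per regular file, skipping .git metadata.
tree_manifest() {
    ( cd "$1" && find . -path ./.git -prune -o -type f -print | LC_ALL=C sort |
        while IFS= read -r f; do
            printf '%s  %s\n' "$(sha512_of "$f")" "$f"
        done )
}

# changed_paths ARCHIVE_DIR GIT_DIR
# Paths whose content differs or that exist in only one tree. Lines present
# in both manifests appear twice and are dropped by uniq -u; the path starts
# at column 131 (128 digest characters plus two spaces). Empty output means
# the trees are identical; the reviewer judges whether listed paths matter.
changed_paths() {
    { tree_manifest "$1"; tree_manifest "$2"; } |
        LC_ALL=C sort | uniq -u | cut -c131- | LC_ALL=C sort -u
}

# Stand-alone use: sh thisfile.sh UNPACKED_ARCHIVE_DIR GIT_CHECKOUT_DIR
if [ "$#" -eq 2 ]; then
    changed_paths "$1" "$2"
fi
```

Signature verification against the KEYS file is a separate check and is not covered by this block.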