On Sun, May 31, 2026 at 1:34 PM Mark Thomas <[email protected]> wrote: > > We have fixed the packaging issue since the release of Apache Commons > Daemon 1.6.0, so I would like to release Apache Commons Daemon 1.6.1. > > Apache Commons Daemon 1.6.1 RC1 is available for review here: > https://dist.apache.org/repos/dist/dev/commons/daemon/1.6.1-RC1 > (svn revision 84861)
Comparing the source archives with version control I see the generated src/native/unix/unix/configure and src/native/unix/unix/support. I tried regenerating `configure`, but due to autconf version differences (2.71 vs 2.73) there were plenty of changes. Same for config.sub and config.guess. Otherwise no surprises, and signatures match A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 from KEYS > The Git tag commons-daemon-1.6.1-RC1 commit for this RC is > 68e2301d5be8aef15c432c7c5fc08fee5c20805f Confirmed > which you can browse here: > > https://gitbox.apache.org/repos/asf?p=commons-daemon.git;a=commit;h=68e2301d5be8aef15c432c7c5fc08fee5c20805f > You may checkout this tag using: > git clone https://gitbox.apache.org/repos/asf/commons-daemon.git > --branch commons-daemon-1.6.1-RC1 commons-daemon-1.6.1-RC1 > > Maven artifacts are here: > > https://repository.apache.org/content/repositories/orgapachecommons-1946/commons-daemon/commons-daemon/1.6.1/ > > These are the artifacts and their hashes: > > #Release SHA-512s > #Sun May 31 12:13:58 BST 2026 > commons-daemon-1.6.1-bin-windows.zip=a878177edc92e663c1113858f8903451ec02b5b033bca373bea4f8761d9196323771301fcd6a7b8387d8e2300f7a1056b9e08e83fca9703df32ac3ecd5b129f7 > commons-daemon-1.6.1-bin.tar.gz=4757860f7700908cd915141237321b2996ea07077066e8afaa1de322d9edbf7e20c73cb19c57e2bcc27e5e0756d7c3d568f8849718e2011e3b182a2420d7a969 > commons-daemon-1.6.1-bin.zip=65fe49ff0cb8d9938d2b519ca2864ef6e53e5d8fc2056734bdb93bcf03b6729f2879dbffa52dc24d89e6553dcc2238c66b7f734dc59fd0a75d803a98e3a5d718 > commons-daemon-1.6.1-bom.json=c07466b9b30c7ea9ca5acbe5565b673f2669b7f209c90ccd26c3fd0c08e533f607e05927f33934f238fd9f7a55d08238ef7667c503c277204e8e8d42e74ab826 > commons-daemon-1.6.1-bom.xml=3b2b97ea0d62b2799f50bae79f619b729c7b2d39bbf944448643780337978badbd576dccfd6e7f840ca44272a09b16e4026015be68d1577fbee23e9002830918 > commons-daemon-1.6.1-javadoc.jar=e2d77a2e7b5df214bb7505d92ee11b482e6736bb87753e96538623ccd82083b0fc69cfd46202b68ce7b2bb493a8373e3ca28ab1e65790beac1c3eab8a93855f0 > commons-daemon-1.6.1-native-src.tar.gz=6ecc74a85d7356078d778cbc414e007435e58c0c15dffc5cb83865e037adf423980842946218c75e80062e0ee715ce3240d39c709afe15e0d52db1a613e0484e > commons-daemon-1.6.1-native-src.zip=9703b05a25f99ed61754300fe85c7b20592f403c869ffca2cc5449c094f5fc1a2cf816fa8382c875b844dcb9e24dfd8f82d4cccd54ec393abf3853752d031549 > commons-daemon-1.6.1-sources.jar=7fce22f4975702e11d07329b8e6f21e51f6d1351c28a30b217f757057226eb63d07a733bcbbf95409a1b797483cf0c697c70ca69a1e67368409bbcb35fef5f5b > commons-daemon-1.6.1-src.tar.gz=51910df48e5e8dd44d695deb95ef878b961119fb99aa2924bc966b28f431737c2071085e46400e96db4831c4b82ff6e60a7299cb6c792e53c151dc053844546f > commons-daemon-1.6.1-src.zip=41a2f5736762c8368935cb8e7e08dbe89ab64b6f847e21ab911ba1f199ac6943dcc7a7cfc8805344d3bb10098accc01658bf96c8a4dd6338289b3518217e8bc3 > commons-daemon_commons-daemon-1.6.1.spdx.json=92a6d76db311f1cff024fb7fcbfd7d43035462fe0ca59e40cd38c369b5379c02c02f971e22184b1f39a646d1b1c5f8398512cbd63786b00d1c9b7f76b53e1e75 > > > I have tested this with 'mvn' using: > *** > Apache Maven 3.9.9 (8e8579a9e76f7d015ee5ec7bfcdc97d260186937) > Maven home: /opt/sdkman/candidates/maven/current > Java version: 25.0.3, vendor: Eclipse Adoptium, runtime: > /opt/sdkman/candidates/java/25.0.3-tem > Default locale: en_GB, platform encoding: UTF-8 > OS name: "linux", version: "6.8.0-117-generic", arch: "amd64", family: > "unix" > *** This did not quite produce the same binary for me, timestamps were off by 1 hour presumably because my locale is not en_GB (and I don't have it installed so it wasn't easy to switch). This makes it hard to validate there's no other changes, but it looks OK. > Details of changes since 1.6.0 are in the release notes: > > https://dist.apache.org/repos/dist/dev/commons/daemon/1.6.1-RC1/RELEASE-NOTES.txt The diff is indeed quite small > KEYS: > https://downloads.apache.org/commons/KEYS > > Please review the release candidate and vote. > This vote will close no sooner than 72 hours from now. > > [ ] +1 Release these artifacts > [ ] +0 OK, but... > [ ] -0 OK, but really should fix... > [ ] -1 I oppose this release because... Summarizing: generally looks good, a number of differences that make it harder to review but seem OK on inspection. I have not actually tested running the code. This is my +1. Cheers, Arnout > > Thank you, > > Mark Thomas, > Release Manager (using key 10C01C5A2F6059E7) > > The following is intended as a helper and refresher for reviewers. > > Validating a release candidate > ============================== > > These guidelines are NOT complete. > > Requirements: Git, Java, and Maven. > > You can validate a release from a release candidate (RC) tag as follows. > > 1a) Download and decompress the source archive from: > > https://dist.apache.org/repos/dist/dev/commons/daemon/1.6.1-RC1/source > > 1b) Check out the RC tag from git (optional) > > This is optional, as a reviewer must at least check source distributions. > > git clone https://gitbox.apache.org/repos/asf/commons-daemon.git > --branch commons-daemon-1.6.1-RC1 commons-daemon-1.6.1-RC1 > cd commons-daemon-1.6.1-RC1 > > 2) Checking the build > > All components should include a default Maven goal, such that you can > run 'mvn' from the command line by itself. > > 2) Check Apache licenses > > This step is not required if the site includes a RAT report page, which > you then must check. > This check should be included in the default Maven build, but you can > check it with: > > mvn apache-rat:check > > 3) Check binary compatibility > > This step is not required if the site includes a JApiCmp report page, > which you then must check. > This check should be included in the default Maven build, but you can > check it with: > > mvn verify -DskipTests -P japicmp japicmp:cmp > > 4) Build the package > > This check should be included in the default Maven build, but you can > check it with: > > mvn -V clean package > > You can record the Maven and Java version produced by -V in your VOTE reply. > To gather OS information from a command line: > Windows: ver > Linux: uname -a > > 4b) Check reproducibility > > To check that a build is reproducible, run: > > mvn clean verify artifact:compare -DskipTests > -Dreference.repo=https://repository.apache.org/content/repositories/staging/ > '-Dbuildinfo.ignore=*/*.spdx.json' > > Note that this excludes SPDX files from the check. > > 5) Build the site for a single module project > > Note: Some plugins require the components to be installed instead of > packaged. > > mvn site > Check the site reports in: > - Windows: target\site\index.html > - Linux: target/site/index.html > > 6) Build the site for a multi-module project > > mvn site > mvn site:stage > Check the site reports in: > - Windows: target\site\index.html > - Linux: target/site/index.html > > Note that the project reports are created for each module. > Modules can be accessed using the 'Project Modules' link under > the 'Project Information' menu (see <path-to-site>/modules.html). > > -the end- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > -- Arnout Engelen ASF Security Response Apache Pekko PMC member, ASF Member NixOS Committer Independent Open Source consultant --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
