Hallo,

I have prepared artifacts for the release of Apache POI 3.16-beta1 (RC1).

Copied from the new summary section in the changelog [1], the most
notable changes in this release are:

- Initial work on adding a Gradle build, the Ant based build is
currently still the official buildsystem, but there are plans to replace
this with Gradle in the future.
- Add support for password protected files with "Microsoft Enhanced
Cryptographic Provider v1.0"
- Improve support for reading VBA macros
- Examples to encrypt temp files in SXSSF

https://dist.apache.org/repos/dist/dev/poi/3.16-beta1-RC1/

What to look for?
- verify the artifacts' md5 and sha1 hashes and asc signature. This is
my first POI release and my first release signed with 8BABDD6C, so you
may need to import it into your keystore.
This key is included in the following KEYS files [2], [3].
It is also be found by searching on [4], [5], or most other PGP key servers.
Steps to verify this are at the end of this email.
- add, remove, or modify notable changes. I believe these notes are
separate from the artifacts, so the changes can be updated without
necessarily rolling a new release (though no big deal if this needs done).
- maybe run another common-crawl test
- check for unintentional API breaks
- verify enum-related (bug 59836 [6]) unintentional API breaks in 3.15
are fixed in this 3.16 beta

Please vote [7] to release the artifacts. Please vote 0 if everything
looks good but you did not have time to test the artifacts in a POI
powered application.

The vote stays open for at least 72hrs, 2016-11-17, 23:59 UTC, staying
open until we have analyzed the results of common-crawl.
If no issues are discovered, the planned release announcement date is
Wednesday, 2016-11-23.

Javen O'Neal

Steps to verify the build artifacts:
wget https://dist.apache.org/repos/dist/dev/poi/KEYS; gpg --import KEYS
gpg --import KEYS
(alternatively,  gpg --keyserver pgp.mit.edu --recv-key 8BABDD6C)
svn checkout https://dist.apache.org/repos/dist/dev/poi/3.16-beta1-RC1
cd 3.16-beta1-RC1
find . -name "*.md5" -type f -execdir md5sum -c {} \;
find . -name "*.sha1" -type f -execdir sha1sum -c {} \;
find . -name "*.asc" -exec gpg --no-secmem-warning --verify {} \;

More detailed instructions can be found at
https://poi.apache.org/download.html#verify

[1] https://poi.apache.org/changes.html
[2] https://dist.apache.org/repos/dist/dev/poi/KEYS
[3] https://svn.apache.org/repos/asf/poi/trunk/KEYS
[4] https://people.apache.org/keys/
[5] https://pgp.mit.edu/
[6] https://bz.apache.org/bugzilla/show_bug.cgi?id=59836
[7]
https://www.apache.org/foundation/voting.html#expressing-votes-1-0-1-and-fractions

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to