+1 (binding) I checked the signatures and checksums of the source and convenience binary packages. I did a license check of both and got reasonable results. The NOTICE is fine as well.
I reviewed the release notes. Very important highlights, great job! I notice that on release the index.yaml will need to change to point to the proper download url for apache.org. That is expected. Best Regards, Dave > On Oct 20, 2022, at 10:58 PM, Michael Marshall <mmarsh...@apache.org> wrote: > > Hello Apache Pulsar Community, > > This is a call for the vote to release the Apache Pulsar Helm Chart > version 3.0.0. > > This is our first official vote to release the helm chart. It follows > a newly merged release process that is still subject to change > (https://github.com/apache/pulsar-helm-chart/pull/301). > > I did a major version bump to mitigate the security concerns raised by > https://github.com/apache/pulsar-helm-chart/issues/294. > > The release candidate is available at: > https://dist.apache.org/repos/dist/dev/pulsar/helm-chart/3.0.0-candidate-1/ > > pulsar-chart-3.0.0-source.tar.gz - is the "main source release". > pulsar-3.0.0.tgz - is the binary Helm Chart release. > > Public keys are available at: https://www.apache.org/dist/pulsar/KEYS > > Here is a draft of the 3.0.0 release notes: > https://github.com/apache/pulsar-helm-chart/pull/322 > > For convenience "index.yaml" has been uploaded (though excluded from > voting), so you can also run the below commands. > > helm repo add apache-pulsar-dist-dev > https://dist.apache.org/repos/dist/dev/pulsar/helm-chart/3.0.0-candidate-1/ > helm repo update > helm install pulsar apache-pulsar-dist-dev/pulsar > > pulsar-3.0.0.tgz.prov - is also uploaded for verifying Chart > Integrity, though it is not strictly required for releasing the > artifact based on ASF Guidelines. > > You can optionally verify this file using this helm plugin > https://github.com/technosophos/helm-gpg, or by using helm --verify > (https://helm.sh/docs/helm/helm_verify/). However, I had trouble with > the formatting of our KEYS file while trying to get the helm --verify > feature to work. > > helm gpg verify pulsar-3.0.0.tgz > > The vote will be open for at least 72 hours. > > Only votes from PMC members are binding, but members of the community are > encouraged to test the release and vote with "(non-binding)". > > For license checks, the .rat-excludes files is included, so you can > run the following to verify licenses (just update $PATH_TO_RAT to > point to your binary download of > https://creadur.apache.org/rat/download_rat.cgi): > > tar -xvf pulsar-chart-3.0.0-source.tar.gz > cd pulsar-chart-3.0.0 > java -jar $PATH_TO_RAT/apache-rat-0.15/apache-rat-0.15.jar . -E .rat-excludes > > Additionally, tests to verify upgrade scenarios are particularly helpful. > > Please note that the version number excludes the `-candidate-X` > string, so it's now > simply 3.0.0. This will allow us to rename the artifact without modifying > the artifact checksums when we actually release it. > > Thanks, > Michael
