As others have said, there’s no way to retract a release when it’s gone to Maven Central. (Many of us have noticed show-stopping bugs just after the release.) The only remedy is to make a superseding release.
I don’t support adding a step where an IPMC member presses the release button. Mistakes happen, no many how many layers of process you add. Nexus already has a two-phase process, and it works well with the ASF release process. Wayang are going to need a new release number, not just a new RC of the same release. Otherwise their new binary artifacts won’t supersede those already out there. Julian > On Jul 25, 2023, at 6:22 AM, Christofer Dutz <christofer.d...@c-ware.de> > wrote: > > (Also fixed what my mail client thought I wanted to say, to what I said in > the subject ;-) ) > > And I think the main problem with the leftpad was the general usage of the > Maven equivalent of “LATEST” as a dependency version. > So, anyone with a LATEST dependency that has built today, will have the 0.7.0 > version everyone with a sensible build management won’t be affected. > > Alternatively, most things that caused me to vote -1 actually don’t have an > effect on the produced binaries. > It was mostly stuff that applies for the source-distribution. > So, I would in this case be in favor that they stage a new release candidate > for 0.7.0, release that, and simply drop the nexus repo instead of > re-releasing it. > > Chris > > Von: PJ Fanning <fannin...@gmail.com> > Datum: Dienstag, 25. Juli 2023 um 14:54 > An: general@incubator.apache.org <general@incubator.apache.org> > Betreff: Re: Little "upside" at the Wayang podling > The difference here is that this release has just been made and has > only been announced on the Wayang dev list. I find no evidence of it > on the Wayang web site nor in the Apache announce mailing list. > > I understand the leftpad case but I don't think this is a similar > case. Users who have upgraded to Wayang 0.7.0 can downgrade to Wayang > 0.6.0. > >> On Tue, 25 Jul 2023 at 13:19, tison <wander4...@gmail.com> wrote: >> >>> So I guess we have to check how we can remove the artifacts. >> >> A central repository should not _remove_ artifacts. Rust's cargo crate can >> mark as yanked and prevent further dependent but remain all the existing >> one. Revoke artifacts can cause significant downstream effect - you may >> take leftpad on npmjs as an example. >> >> Best, >> tison. >> >> >> Christofer Dutz <christofer.d...@c-ware.de> 于2023年7月25日周二 19:14写道: >> >>> Hi PJ, >>> >>> Unfortunately, I had to vote -1 on the release and there’s no way on earth >>> it would pass Justin ;-) … >>> So, there will be another one. >>> >>> So I guess we have to check how we can remove the artifacts. >>> >>> Chris >>> >>> >>> Von: PJ Fanning <fannin...@apache.org> >>> Datum: Dienstag, 25. Juli 2023 um 11:47 >>> An: general@incubator.apache.org <general@incubator.apache.org> >>> Betreff: Re: Little "upside" at the Wayang podling >>> It does seem like a good idea to do a 2 phase release to the Apache Nexus >>> Repository. I think a lot of Apache projects use that approach. It means >>> that the binary artifacts can be checked during the release voting along >>> side the source release. Nexus allows you the drop the artifacts or to >>> release them and this can be a good way to handle unsuccessful and >>> successful release votes (respectively). >>> >>> It might make sense to bring the 0.7.0 release to an Incubator vote and if >>> it passes then there isn't much harm. The Wayang team have announced this >>> release on their dev mailing list but don't appear to have updated their >>> download page [1] yet. Could we get them to respond to all the announcement >>> emails to say that release vote is not yet complete and to ask people not >>> use this release until the vote is finished? >>> >>> If the Incubator vote fails, I'm not sure but it may be feasible to see if >>> the Maven team can remove the 0.7.0 artifacts. >>> >>> [1] https://wayang.apache.org/download/ >>> >>> On 2023/07/25 09:28:00 Christofer Dutz wrote: >>>> Hi all, >>>> >>>> yesterday the Wayang podling was following the “release documentation” >>> of a TLP and “forgot” to do the round over the IPMC. >>>> However, they’ve already moved things to the release distro area (from >>> where they’ve removed it after me contacting them) but in Nexus they >>> clicked on “release” and the artifacts are out in the wild. >>>> >>>> How to generally deal with this situation? I think in general it would >>> be good, if releasing maven artifacts in Nexus was a two step thing … a) >>> the project clicks on “release” and then an IPMC member has to confirm that. >>>> >>>> Chris >>>> >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >>> For additional commands, e-mail: general-h...@incubator.apache.org >>> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
