-1 (binding) from me * You have MIT Licensed code but no mention of it in your LICENSE [1]. One example [2] but there is another g4 file with the same header. * The LICENSE mentions BSD LIcense for Antlr and maybe this relates to these MIT Licensed files but this isn't clear * there is another MIT licensed source file with no mention in your LICENSE [3] * seata-server/templates/_helpers.tpl [5] is a copy of a file in github.com/open-hand/hzero-starter-parent/ - this should be mentioned in your LICENSE unless the file in github.com/open-hand/hzero-starter-parent/ is a copy of your file * The LICENSE in your binary file could really be made easier to use by explicitly including the names of the licenses instead of including links to the license files many of which are not browser friendly. The Abego one has an expired HTTPS cert. * The LICENSE in your binary file should state which license you want to use when the dependency has more than 1 license * as an example, with 'CDDL-1.0 and GPL-2.0' [4], you should state that you choose CDDL-1.0 because GPL-2.0 is not allowed * more of a nit but I think you should use tar.gz for both the src and bin artifacts - it seems odd to use zip for src and tar.gz for bin
[1] https://github.com/apache/incubator-seata/blob/2.x/LICENSE [2] https://github.com/apache/incubator-seata/blob/238cf3ab8e0c6f781e52f8efec19d54bab40cef0/sqlparser/seata-sqlparser-antlr/src/main/java/org/apache/seata/sqlparser/antlr/mysql/antlr/MySqlLexer.g4 [3] https://github.com/apache/incubator-seata/blob/238cf3ab8e0c6f781e52f8efec19d54bab40cef0/console/src/main/resources/static/saga-statemachine-designer/bundle.js.LICENSE.txt [4] https://github.com/apache/incubator-seata/blob/238cf3ab8e0c6f781e52f8efec19d54bab40cef0/distribution/LICENSE#L610 [5] https://github.com/open-hand/hzero-starter-parent/blob/af7589bc0041f687b143e77f2171b1fd79ba0a9d/hzero-starter-seata/src/main/resources/script/server/helm/seata-server/templates/_helpers.tpl On Sat, 6 Jul 2024 at 19:17, PJ Fanning <fannin...@apache.org> wrote: > > I think it would be better to put RC4 in the directory name of the release > dir. > > https://dist.apache.org/repos/dist/dev/incubator/seata/incubator-seata/2.1.0/ > should be > https://dist.apache.org/repos/dist/dev/incubator/seata/incubator-seata/2.1.0-RC4/ > or even > https://dist.apache.org/repos/dist/dev/incubator/seata/2.1.0-RC4/ > > Don't put the RC4 in the name of the tar.gz files or the directory > names inside the tar.gz. > > Again, not a reason to restart the release process - but a suggestion > for the next RC whenever that is. > > On Fri, 5 Jul 2024 at 18:14, tison <wander4...@gmail.com> wrote: > > > > BTW, the unpacked folders name: > > > > apache-seata-2.1.0-incubating-src.zip -> incubator-seata-2.1.0 > > apache-seata-2.1.0-incubating-bin.tar.gz -> apache-seata > > > > looks unaligned. I suppose you try to name them: > > > > apache-seata-2.1.0-incubating-src.zip -> apache-seata-2.1.0-incubating-src > > apache-seata-2.1.0-incubating-bin.tar.gz -> > > apache-seata-2.1.0-incubating-bin > > > > while this is a suggestion rather than some guidelines or policies. > > > > Best, > > tison. > > > > > > tison <wander4...@gmail.com> 于2024年7月5日周五 10:11写道: > > > > > +1 (binding) > > > > > > I checked: > > > > > > * Download links work > > > * Signature and checksum matches > > > > > > gpg: Signature made 六 6/15 06:08:36 2024 PDT > > > gpg: using RSA key B51F1A5056BC5D6FBF2D82871E90338E9FA7635C > > > gpg: Good signature from "jimin (CODE SIGN) <ji...@apache.org>" [unknown] > > > gpg: WARNING: This key is not certified with a trusted signature! > > > gpg: There is no indication that the signature belongs to the > > > owner. > > > Primary key fingerprint: B51F 1A50 56BC 5D6F BF2D 8287 1E90 338E 9FA7 > > > 635C > > > > > > * LICENSE / NOTICE / DISCLAIMER exist > > > * Files have ASF license header > > > > > > I cannot build from source on osx_aarch64 due to: > > > > > > [ERROR] Failed to execute goal > > > org.xolstice.maven.plugins:protobuf-maven-plugin:0.6.1:compile (default) > > > on > > > project seata-serializer-protobuf: Unable to resolve artifact: Missing: > > > [ERROR] ---------- > > > [ERROR] 1) com.google.protobuf:protoc:exe:osx-aarch_64:3.11.0 > > > [ERROR] > > > [ERROR] Try downloading the file manually from the project website. > > > [ERROR] > > > [ERROR] Then, install it using the command: > > > [ERROR] mvn install:install-file -DgroupId=com.google.protobuf > > > -DartifactId=protoc -Dversion=3.11.0 -Dclassifier=osx-aarch_64 > > > -Dpackaging=exe -Dfile=/path/to/file > > > [ERROR] > > > [ERROR] Alternatively, if you host your own repository you can deploy > > > the file there: > > > [ERROR] mvn deploy:deploy-file -DgroupId=com.google.protobuf > > > -DartifactId=protoc -Dversion=3.11.0 -Dclassifier=osx-aarch_64 > > > -Dpackaging=exe -Dfile=/path/to/file -Durl=[url] -DrepositoryId=[id] > > > [ERROR] > > > [ERROR] Path to dependency: > > > [ERROR] 1) org.apache.seata:seata-serializer-protobuf:jar:2.1.0 > > > [ERROR] 2) com.google.protobuf:protoc:exe:osx-aarch_64:3.11.0 > > > [ERROR] > > > [ERROR] ---------- > > > [ERROR] 1 required artifact is missing. > > > [ERROR] > > > [ERROR] for artifact: > > > [ERROR] org.apache.seata:seata-serializer-protobuf:jar:2.1.0 > > > [ERROR] > > > [ERROR] from the specified remote repositories: > > > [ERROR] apache.snapshots (https://repository.apache.org/snapshots, > > > releases=false, snapshots=true), > > > [ERROR] central (https://repo.maven.apache.org/maven2, releases=true, > > > snapshots=false) > > > > > > But I think it's fair enough to upgrade the related dependencies in a > > > following commit. > > > > > > The link to KEYS file should be updated as stated above, but it's not a > > > release blocker anyway. > > > > > > Best, > > > tison. > > > > > > Best, > > > tison. > > > > > > > > > tison <wander4...@gmail.com> 于2024年7月5日周五 10:09写道: > > > > > >> You should use https://downloads.apache.org/incubator/seata/KEYS > > >> instead of dist dev. > > >> > > >> You can upload the KEYS file to > > >> https://dist.apache.org/repos/dist/release/incubator/seata/KEYS and > > >> the downloads link would work. > > >> > > >> Best, > > >> tison. > > >> > > >> Min Ji <ji...@apache.org> 于2024年7月5日周五 10:03写道: > > >> > > > >> > Hello, > > >> > > > >> > This is a call for vote on releasing Apache Seata(incubating) > > >> v2.1.0-RC4. > > >> > > > >> > The vote thread: > > >> > https://lists.apache.org/thread/s0gxv49802kk8y3dnxr8ytxy6ghkkjr6 > > >> > > > >> > Vote Result: > > >> > https://lists.apache.org/thread/km5dzmhw2j7ow86pk3g81f1z50sojomz > > >> > > > >> > The release candidates: > > >> > > > >> https://dist.apache.org/repos/dist/dev/incubator/seata/incubator-seata/2.1.0/ > > >> > > > >> > The staging repo: > > >> > https://repository.apache.org/content/repositories/orgapacheseata-1030/ > > >> > > > >> > Git tag for the release: > > >> > https://github.com/apache/incubator-seata/releases/tag/v2.1.0 > > >> > > > >> > Git commit id for the release: > > >> > > > >> https://github.com/apache/incubator-seata/commit/38e9cea8bd611eca1e837e766b41a1334473c5f4 > > >> > > > >> > Release Notes: > > >> > https://github.com/apache/incubator-seata/releases/tag/v2.1.0 > > >> > > > >> > The artifacts have been signed with Key : > > >> > B51F1A5056BC5D6FBF2D82871E90338E9FA7635C, which can be found in the > > >> > keys file: > > >> > https://dist.apache.org/repos/dist/dev/incubator/seata/KEYS > > >> > > > >> > Build Environment: JDK 8+, Apache Maven 3.6.0+. > > >> > Build Command: ./mvnw clean package -DskipTests=true, If you are > > >> > building on an ARM64 architecture, please add the profile -Parrch64. > > >> > > > >> > CI Test Workflow: > > >> > > > >> https://github.com/apache/incubator-seata/actions/runs/9527005533/job/26263693001 > > >> > > > >> > The vote will be open for at least 72 hours or until necessary number > > >> > of votes are reached. > > >> > > > >> > Please vote accordingly: > > >> > > > >> > [ ] +1 approve > > >> > [ ] +0 no opinion > > >> > [ ] -1 disapprove with the reason > > >> > > > >> > Checklist for reference: > > >> > [ ] Download links are valid. > > >> > [ ] Checksums and PGP signatures are valid. > > >> > [ ] Source code distributions have correct names matching the current > > >> > release. > > >> > [ ] LICENSE and NOTICE files are correct for each Answer repo. > > >> > [ ] All files have license headers if necessary. > > >> > [ ] No unlicensed compiled archives bundled in source archive. > > >> > > > >> > > > >> > > > >> > Warm regards, > > >> > > > >> > Ji Min > > >> > > > >> > --------------------------------------------------------------------- > > >> > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > >> > For additional commands, e-mail: general-h...@incubator.apache.org > > >> > > > >> > > > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
