+1 (binding - with caveats)
I checked:
* checksum
* incubating in the source zip name
* DISCLAIMER, LICENSE, NOTICE present in source zip
* signatures okay (but see note about KEYS in earlier email)
* maven clean install passed with JDK 11
* some acceptable binary files: the images/pdf/omnigraffle files should be okay
* some less desirable binary files: in general we'd not want Java
bytecode files in a source release, are the python bytecode files
possible to exclude? I see the (supposedly) original source files
alongside but I know I didn't try to verify them (unless your build
checked for me). I presume if you remove them the build speed is
dramatically reduced? But they do introduce an attack vector if
someone wanted to maliciously inject things and have a binary file
that didn't match the source file. I don't know enough about the
Python build environment to understand if this is a non-issue. If the
.pyc files were left in Github but excluded from the src distribution
would that be a possible path forward without the additional attack
vector? Apologies if there are some obvious flaws in my thinking.
* I successfully ran my Groovy/Wayang Whisky clustering examples (with
hand-rolled distributed K-Means as well as using wayang-ml4all)
https://github.com/paulk-asert/groovy-data-science/blob/master/subprojects/WhiskeyWayang/src/main/groovy/WhiskeyWayang.groovy
https://github.com/paulk-asert/groovy-data-science/blob/master/subprojects/WhiskeyWayang/src/main/groovy/WhiskeyWayangML.groovy
(I used Groovy 5.0.0-alpha-12, JDK17, Spark 3.5.4)
* Minor: in the root NOTICE file, I believe everything after the
"Copyright 2016 Sebastian Kruse" can be deleted (keep that line and
everything before)
* Minor: the copyright in README.md is still 2024
Cheers, Paul.
On Tue, Feb 11, 2025 at 10:36 PM Paul King <pa...@asert.com.au> wrote:
>
> If you have some kind of template that is used when generating the
> email for this list, it might pay to include wording about the PPMC
> vote, so that it doesn't get missed in the future.
>
> I also noted that you don't mention the KEYS file in either this
> thread or the PPMC vote thread. In general, you'd want the release
> managers key to be in the KEYS file. It isn't in the file here:
>
> https://dist.apache.org/repos/dist/release/incubator/wayang/KEYS
> (same as https://downloads.apache.org/incubator/wayang/KEYS)
>
> I also noted another KEYS file here (also missing release managers key):
>
> https://dist.apache.org/repos/dist/dev/incubator/wayang/KEYS
>
> You should delete that "dev" file and only have one, the "release"
> one. Also the 0.6.0, 0.7.0 and 0.7.1 directories under dev should be
> removed now that they have been released (or cancelled for 0.7.0).
>
> I was able to get the public key for "verify" to pass using "gpg
> --receive-keys", and that is possibly fine for folks in the know, but
> in general I believe we want that info in the KEYS file - so users
> following the instructions on your download page won't be surprised.
>
> Just leaving this note here in case anyone else runs into the KEYS
> problem. In the meantime, I'd suggest the RM adds their key to the
> release KEYS file.
>
> I'll continue with my evaluation.
>
>
> Cheers, Paul.
>
> On Sun, Feb 9, 2025 at 8:59 AM Paul King <pa...@asert.com.au> wrote:
> >
> > I'd normally expect to see a reference to the PPMC vote. I can see
> > that it happened, so including it here for others:
> >
> > https://lists.apache.org/thread/53hnlvxh880hzolpkfxk01jqy4sthrcc
> >
> > I'll also take a look at the release artifacts over the next few days.
> >
> > Paul.
> >
> > On Sun, Feb 9, 2025 at 3:40 AM Zoi Kaoudi <zkao...@yahoo.gr.invalid> wrote:
> > >
> > > Dear all,
> > >
> > > Apache Wayang (Incubating) 1.0.0 has been staged under [2] and it’s time
> > > to vote
> > > on accepting it for release. All Maven artifacts are available under [1].
> > > Voting will be open for at least 72hr.
> > >
> > > A minimum of 3 binding +1 votes and more binding +1 than binding -1 are
> > > required to pass.
> > >
> > > Release tag: v1.0.0-rc5
> > > Hash for the release tag (commit r74705):
> > > https://github.com/apache/incubator-wayang/releases/tag/v1.0.0-rc5
> > >
> > > Per [3] "Before voting +1 PMC members are required to download
> > > the signed source code package, compile it as provided, and test
> > > the resulting executable on their own platform, along with also
> > > verifying that the package meets the requirements of the ASF policy
> > > on releases."
> > >
> > > You can achieve the above by following [4].
> > >
> > > [ ] +1 accept (indicate what you validated - e.g. performed the non-RM
> > > items in [4])
> > > [ ] -1 reject (explanation required)
> > >
> > >
> > > [1]
> > > https://repository.apache.org/content/repositories/orgapachewayang-1025
> > > [2] https://dist.apache.org/repos/dist/dev/incubator/wayang/1.0.0/rc5/
> > > [3] https://www.apache.org/dev/release.html#approving-a-release
> > > [4]
> > > https://cwiki.apache.org/confluence/display/PLC4X/Validating+a+staged+Release
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
