+1, I verified:
* source-release artifact content matches contents of git checkout at the
commit that will be tagged
* signatures match and are signed by the key with the specified fingerprint
* nexus-generated md5 and sha1 hashes exist in the staging repo and match
the artifacts
* the jar, the po
+1 (binding)
I did the following:
verified hashes
verified signatures
confirmed no difference between source release tar contents and rc4 branch
(sans dotfiles in the branch)
confirmed LICENSE file contents are correct
confirmed NOTICE file contents are correct and copyright date is correct
confi
