incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: [VOTE]: Release Apache Dubbo (Incubating) 2.6.2 [RC2]
Date Mon, 04 Jun 2018 08:05:50 GMT

Source bundle:
- Hash and signature are correct
- Hash of tag matches the hash quoted in the release vote mail
- Contents of git tag match src bundle except for .gitignore file
- Maven build passes
- LICENSE and NOTICE look correct for source bundle
- LICENSE and NOTICE look correct for binary bundle

+1 to release

I have the following minor review comments (none of which warrant
another RC):

I strongly recommend that you include the full fingerprint of the
signing KEY in the KEYS file as well as the key ID. See [1] for an
example where some of the keys have this. A few years ago an attack was
demonstrated ([2], [3]) that show it was possible to create collisions
in the key ID. Using the full fingerprint mitigates this attack.

No concerns with the file name used. Just a comment that the usual
naming convention would be:

I'd suggest including the .gitignore file in the src release.

I was a little surprised that the binary bundle was just the JARs rather
than something that a user could unpack and run via /
dubbo.bat. There isn't anything wring with this, just not what I am used to.



On 29/05/18 09:47, Jun Liu wrote:
> Hello All,
> This is a call for vote to release Apache Dubbo (Incubating) version 2.6.2.
> The Apache Dubbo community has voted on and approved a proposal to release Apache Dubbo
(Incubating) version 2.6.2.
> We now kindly request the Incubator PMC members review and vote on this incubator release.
> Apache Dubbo™ (incubating) is a high-performance, java based, open source RPC framework.
Dubbo offers three key functionalities, which include interface based remote call, fault tolerance
& load balancing, and automatic service registration & discovery. 
> Dubbo vote thread:
> Dubbo vote result thread:
> The release candidates:
> <>
> Git tag for the release:
> <>

> Hash for the release tag:
> 5eeb240337ccfbc820d4bde023d8cf643f33d735
> Release Notes:
> <>
> The artifacts have been signed with Key : 28681CB1, which can be found in the keys file:
> <>
> The vote will be open for at least 72 hours or until necessary number of votes are reached.
> Please vote accordingly:
> [ ] +1 approve 
> [ ] +0 no opinion 
> [ ] -1 disapprove with the reason
> Thanks.
> Jun Liu,
> on behalf of The Apache Dubbo (Incubating) Team

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message