incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Poore <poor...@apache.org>
Subject Re: [VOTE] Release Apache Flagon UserALE.js (Incubating) v2.0.2
Date Fri, 16 Aug 2019 23:54:00 GMT
Hi IPMC—

Just a reminder: please VOTE on Apache Flagon UserALE.js (Incubating) v2.0.2

We need +3 binding VOTE from Incubator having met the VOTE requirements on dev@

Note that we have addressed the omission of the disclaimer files from .bin distribution packages
Justin discovered, with no commits needed to fix. See below.

As this is a security-related patch, attention to this VOTE is much appreciated.

Thanks!

Josh

> On Aug 14, 2019, at 11:10 PM, Joshua Poore <poorejc@apache.org> wrote:
> 
> General@
> 
> Following Justin’s comment below—Disclaimer missing from .bin release packages—I
have repackaged release candidate #1 to include Disclaimers and pushed to https://dist.apache.org/repos/dist/dev/incubator/flagon/
<https://dist.apache.org/repos/dist/dev/incubator/flagon/>.
> 
> As this issue was a file omission and did not affect source or build artifacts, the commit
reference used for voting in dev@ have not changed, nor have git tags for the release candidate.
.bin packages now include our Disclaimer.
> 
> As a matter of good practice I have re-evaluated the repackaged release candidate against
the following:
> 
> [ x ] Build and Unit Tests Pass
> [ x ] Integration Tests Pass
> [ x ] "Incubating" in References to Project and Distribution File Names
> [ x ] Signatures and Hashes Match Keys
> [ x ] DISCLAIMER, LICENSE, and NOTICE Files in Source and Binary Release Packages
> [ x ] DISCLAIMER, LICENSE, and NOTICE are consistent with ASF and Incubator Policy
> [ x ] CHANGELOG included with release distribution
> [ x ] All Source Files Have Correct ASF Headers
> [ x ] No Unexpected Binary Files in Source Release Packages
> 
> Please feel free to evaluate as you VOTE. See the thread below for the interim summary
of VOTEs on dev@
> 
> VOTE details follow:
> 
> Please VOTE on the Apache Flagon (Incubating) 2.0.2 Release Candidate # 1
> 
> This VOTE has passed successfully within the Apache Flagon community. We are now posting
the VOTE on general@ as required by Apache Release Management policies. 
> 
> Interim RESULT on dev@ are as follows:
> 
> [+1] 7  
> Joshua Poore
> Rob Foley (`Confused`)
> Laura Mariano
> Furkan Kamaci*
> Arthi Vezhavendan
> Tim Allison*
> Dave Meikle*
> 
> [0] 0
> 
> [-1]
> 
> *Binding IPMC/PPMC Mentor VOTE
> 
> The VOTE thread on dev@ can be found here: https://lists.apache.org/thread.html/1d0efb2a17b1b1a3bb83a6bf882f994000f7d9db316f8b244db54076@%3Cdev.flagon.apache.org%3E
<https://lists.apache.org/thread.html/1d0efb2a17b1b1a3bb83a6bf882f994000f7d9db316f8b244db54076@%3Cdev.flagon.apache.org%3E>
> 
> VOTE details follow:
> 
> About Flagon: http://flagon.incubator.apache.org/ <http://flagon.incubator.apache.org/>
<http://flagon.incubator.apache.org/ <http://flagon.incubator.apache.org/>> 
> 
> This Patch release includes :
> 
> 	• Updates to package.json and package-lock.json to resolve downstream Prototype Pollution
vulnerabilities in dev dependencies
> 	• Updates to package.json and package-lock.json to modernize deprecated npm modules
> 	• Minor updates to README documentation for UserALE.js' Example Test Utilities.
> 
> We solved 11 issues: https://issues.apache.org/jira/projects/FLAGON/versions/12345954
<https://issues.apache.org/jira/projects/FLAGON/versions/12345954><https://issues.apache.org/jira/projects/FLAGON/versions/12345954
<https://issues.apache.org/jira/projects/FLAGON/versions/12345954>>
> 
> Git source tag (43de2fc1e1c5d5e1a83119a91947f7bbe6d313f3): https://github.com/apache/incubator-flagon-useralejs/releases/tag/2.0.2-RC1-08_06_2019
<https://github.com/apache/incubator-flagon-useralejs/releases/tag/2.0.2-RC1-08_06_2019>
<https://github.com/apache/incubator-flagon-useralejs/releases/tag/2.0.2-RC1-08_06_2019
<https://github.com/apache/incubator-flagon-useralejs/releases/tag/2.0.2-RC1-08_06_2019>>
> 
> Staging repo: https://dist.apache.org/repos/dist/dev/incubator/flagon/ <https://dist.apache.org/repos/dist/dev/incubator/flagon/>
> 
> Source Release Artifacts: https://dist.apache.org/repos/dist/dev/incubator/flagon/apache-flagon-useralejs-incubating-2.0.2-RC1/
<https://dist.apache.org/repos/dist/dev/incubator/flagon/apache-flagon-useralejs-incubating-2.0.2-RC1/>

> 
> PGP release keys (signed using F937rFAE3FCADF6E): https://dist.apache.org/repos/dist/release/incubator/flagon/KEYS
<https://dist.apache.org/repos/dist/release/incubator/flagon/KEYS>
> 
> Reference the UserALE.js testing framework to assist in your unit and integration tests:
https://cwiki.apache.org/confluence/display/FLAGON/UserALE.js+Testing+Framework <https://cwiki.apache.org/confluence/display/FLAGON/UserALE.js+Testing+Framework>
> 
> Link to Successful Jenkins Build(s): https://builds.apache.org/job/useralejs-ci/91/ <https://builds.apache.org/job/useralejs-ci/91/>
> 
> Vote will be open for 72 hours. Please VOTE as follows: 
> 
> [ ] +1, let's get it released!!!
> [ ] +/-0, fine, but consider to fix few issues before...
> [ ] -1, nope, because... (and please explain why)
> 
> Thank you to everyone that is able to VOTE as well as everyone that contributed to Apache
Flagon 2.0.0
> 
> Thanks,
> 
> Josh
> 
>> On Aug 14, 2019, at 8:27 AM, Joshua Poore <poorejc@me.com.INVALID> wrote:
>> 
>> Hi Justin,
>> 
>> Please clarify your VOTE. Are we at -1 or 0 from you? If its a 0 - "consider fixing
a few issues”. I can easily roll a new release with DISCLAIMERS in bin push as new release
package so that this issue can be vetted prior to release, but doesn’t require another VOTE
altogether.
>> 
>> Josh
>> 
>>> On Aug 13, 2019, at 11:58 PM, Justin Mclean <justin@classsoftware.com>
wrote:
>>> 
>>> Hi,
>>> 
>>> +1 (binding) on the source release, but sorry it’s -1 (binding) for the binaries
as they are missing the DISCLAIMER file [2]
>>> 
>>> You might want to consider using a checklist when checking releases [1]. Also
when voting on release it a good idea to list what you checked rather than just saying +1.
>>> 
>>> I checked:
>>> - incubating in name
>>> - signatures and hashes fine
>>> - DISCLAIMER in source but not in binary releases
>>> - LICENSE and NOTICE fine
>>> - all source files have ASF headers
>>> - no unexpected binary files in source release
>>> 
>>> There also no need to put the KEYS fine inside the release, it's sort of a bit
late to find it there after you unzipped it :-)
>>> 
>>> Thanks,
>>> Justin
>>> 
>>> 1. https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist
>>> 2. https://incubator.apache.org/policy/incubation.html#disclaimers
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>>> For additional commands, e-mail: general-help@incubator.apache.org
>>> 
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message