Hi IPMC— Just a reminder: please VOTE on Apache Flagon UserALE.js (Incubating) v2.0.2
We need +3 binding VOTE from Incubator having met the VOTE requirements on dev@ Note that we have addressed the omission of the disclaimer files from .bin distribution packages Justin discovered, with no commits needed to fix. See below. As this is a security-related patch, attention to this VOTE is much appreciated. Thanks! Josh > On Aug 14, 2019, at 11:10 PM, Joshua Poore <poor...@apache.org> wrote: > > General@ > > Following Justin’s comment below—Disclaimer missing from .bin release > packages—I have repackaged release candidate #1 to include Disclaimers and > pushed to https://dist.apache.org/repos/dist/dev/incubator/flagon/ > <https://dist.apache.org/repos/dist/dev/incubator/flagon/>. > > As this issue was a file omission and did not affect source or build > artifacts, the commit reference used for voting in dev@ have not changed, nor > have git tags for the release candidate. .bin packages now include our > Disclaimer. > > As a matter of good practice I have re-evaluated the repackaged release > candidate against the following: > > [ x ] Build and Unit Tests Pass > [ x ] Integration Tests Pass > [ x ] "Incubating" in References to Project and Distribution File Names > [ x ] Signatures and Hashes Match Keys > [ x ] DISCLAIMER, LICENSE, and NOTICE Files in Source and Binary Release > Packages > [ x ] DISCLAIMER, LICENSE, and NOTICE are consistent with ASF and Incubator > Policy > [ x ] CHANGELOG included with release distribution > [ x ] All Source Files Have Correct ASF Headers > [ x ] No Unexpected Binary Files in Source Release Packages > > Please feel free to evaluate as you VOTE. See the thread below for the > interim summary of VOTEs on dev@ > > VOTE details follow: > > Please VOTE on the Apache Flagon (Incubating) 2.0.2 Release Candidate # 1 > > This VOTE has passed successfully within the Apache Flagon community. We are > now posting the VOTE on general@ as required by Apache Release Management > policies. > > Interim RESULT on dev@ are as follows: > > [+1] 7 > Joshua Poore > Rob Foley (`Confused`) > Laura Mariano > Furkan Kamaci* > Arthi Vezhavendan > Tim Allison* > Dave Meikle* > > [0] 0 > > [-1] > > *Binding IPMC/PPMC Mentor VOTE > > The VOTE thread on dev@ can be found here: > https://lists.apache.org/thread.html/1d0efb2a17b1b1a3bb83a6bf882f994000f7d9db316f8b244db54076@%3Cdev.flagon.apache.org%3E > > <https://lists.apache.org/thread.html/1d0efb2a17b1b1a3bb83a6bf882f994000f7d9db316f8b244db54076@%3Cdev.flagon.apache.org%3E> > > VOTE details follow: > > About Flagon: http://flagon.incubator.apache.org/ > <http://flagon.incubator.apache.org/> <http://flagon.incubator.apache.org/ > <http://flagon.incubator.apache.org/>> > > This Patch release includes : > > • Updates to package.json and package-lock.json to resolve downstream > Prototype Pollution vulnerabilities in dev dependencies > • Updates to package.json and package-lock.json to modernize deprecated > npm modules > • Minor updates to README documentation for UserALE.js' Example Test > Utilities. > > We solved 11 issues: > https://issues.apache.org/jira/projects/FLAGON/versions/12345954 > <https://issues.apache.org/jira/projects/FLAGON/versions/12345954><https://issues.apache.org/jira/projects/FLAGON/versions/12345954 > <https://issues.apache.org/jira/projects/FLAGON/versions/12345954>> > > Git source tag (43de2fc1e1c5d5e1a83119a91947f7bbe6d313f3): > https://github.com/apache/incubator-flagon-useralejs/releases/tag/2.0.2-RC1-08_06_2019 > > <https://github.com/apache/incubator-flagon-useralejs/releases/tag/2.0.2-RC1-08_06_2019> > > <https://github.com/apache/incubator-flagon-useralejs/releases/tag/2.0.2-RC1-08_06_2019 > > <https://github.com/apache/incubator-flagon-useralejs/releases/tag/2.0.2-RC1-08_06_2019>> > > Staging repo: https://dist.apache.org/repos/dist/dev/incubator/flagon/ > <https://dist.apache.org/repos/dist/dev/incubator/flagon/> > > Source Release Artifacts: > https://dist.apache.org/repos/dist/dev/incubator/flagon/apache-flagon-useralejs-incubating-2.0.2-RC1/ > > <https://dist.apache.org/repos/dist/dev/incubator/flagon/apache-flagon-useralejs-incubating-2.0.2-RC1/> > > > PGP release keys (signed using F937rFAE3FCADF6E): > https://dist.apache.org/repos/dist/release/incubator/flagon/KEYS > <https://dist.apache.org/repos/dist/release/incubator/flagon/KEYS> > > Reference the UserALE.js testing framework to assist in your unit and > integration tests: > https://cwiki.apache.org/confluence/display/FLAGON/UserALE.js+Testing+Framework > > <https://cwiki.apache.org/confluence/display/FLAGON/UserALE.js+Testing+Framework> > > Link to Successful Jenkins Build(s): > https://builds.apache.org/job/useralejs-ci/91/ > <https://builds.apache.org/job/useralejs-ci/91/> > > Vote will be open for 72 hours. Please VOTE as follows: > > [ ] +1, let's get it released!!! > [ ] +/-0, fine, but consider to fix few issues before... > [ ] -1, nope, because... (and please explain why) > > Thank you to everyone that is able to VOTE as well as everyone that > contributed to Apache Flagon 2.0.0 > > Thanks, > > Josh > >> On Aug 14, 2019, at 8:27 AM, Joshua Poore <poor...@me.com.INVALID> wrote: >> >> Hi Justin, >> >> Please clarify your VOTE. Are we at -1 or 0 from you? If its a 0 - "consider >> fixing a few issues”. I can easily roll a new release with DISCLAIMERS in >> bin push as new release package so that this issue can be vetted prior to >> release, but doesn’t require another VOTE altogether. >> >> Josh >> >>> On Aug 13, 2019, at 11:58 PM, Justin Mclean <jus...@classsoftware.com> >>> wrote: >>> >>> Hi, >>> >>> +1 (binding) on the source release, but sorry it’s -1 (binding) for the >>> binaries as they are missing the DISCLAIMER file [2] >>> >>> You might want to consider using a checklist when checking releases [1]. >>> Also when voting on release it a good idea to list what you checked rather >>> than just saying +1. >>> >>> I checked: >>> - incubating in name >>> - signatures and hashes fine >>> - DISCLAIMER in source but not in binary releases >>> - LICENSE and NOTICE fine >>> - all source files have ASF headers >>> - no unexpected binary files in source release >>> >>> There also no need to put the KEYS fine inside the release, it's sort of a >>> bit late to find it there after you unzipped it :-) >>> >>> Thanks, >>> Justin >>> >>> 1. >>> https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist >>> 2. https://incubator.apache.org/policy/incubation.html#disclaimers >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >>> For additional commands, e-mail: general-h...@incubator.apache.org >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> For additional commands, e-mail: general-h...@incubator.apache.org >> > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
