[VOTE] Release Apache Log4j Tools 0.7.0
This is a vote to release the Apache Log4j Tools 0.7.0. Website: https://logging.staged.apache.org/log4j/tools GitHub: https://github.com/apache/logging-log4j-tools Commit: 04d9a79fb5cadb791c9e66fc671d6c0ffedf7e1e Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j-tools Nexus: https://repository.apache.org/content/repositories/orgapachelogging-1247 Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0 Please download, test, and cast your votes on this mailing list. [ ] +1, release the artifacts [ ] -1, don't release, because... This vote is open for 72 hours and will pass unless getting a net negative vote count. All votes are welcome and we encourage everyone to test the release, but only the Logging Services PMC votes are officially counted. At least 3 +1 votes and more positive than negative votes are required. === Review kit The minimum set of steps needed to review the uploaded distribution files in the Subversion repository can be summarized as follows: # Check out the distribution svn co https://dist.apache.org/repos/... && cd $_ # Verify checksums shasum --check *.sha512 # Verify signatures wget -O - https://downloads.apache.org/logging/KEYS | gpg --import for sigFile in *.asc; do gpg --verify $sigFile; done # Verify reproduciblity umask 0022 unzip *-src.zip -d src cd src export NEXUS_REPO=https://repository.apache.org/content/... sh mvnw -Prelease verify artifact:compare -Dreference.repo=$NEXUS_REPO === Release notes This minor release contains various bug fixes and improvements. Added * Add the new `updated` changelog entry type and bump the XSD version to `0.1.3` Changed * Update `commons-io:commons-io` to version `2.15.1` (#86) * Update `org.apache.maven.plugin-tools:maven-plugin-annotations` to version `3.10.2` (#87) Fixed * Sort changelog entry types alphanumerically * Fix `log4j-changelog:release` failure on empty unreleased changelog directory (#90) * Fix parsing of patch versions in `log4j-changelog:release` goal (#89)
Re: [VOTE] Release Apache Log4j 3.0.0-beta1
Hi Volkan, On Wed, 13 Dec 2023 at 16:26, Volkan Yazıcı wrote: > > This is a vote to release the Apache Log4j 3.0.0-beta1. > > Website: https://logging.staged.apache.org/log4j > GitHub: https://github.com/apache/logging-log4j2 > Commit: c5dbdcfeb0216e1e3e333436e9b4d04cc3b8e6fd > Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j > Nexus: > https://repository.apache.org/content/repositories/orgapachelogging-1246 > Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0 > > Please download, test, and cast your votes on this mailing list. > > [ ] +1, release the artifacts > [ ] -1, don't release, because... Thanks for preparing the release, unfortunately: * The Maven Source Plugin is misconfigured and it publishes **test** source artifacts. I fixed in in commit a8dcc55fc37e3a332101dcf0d5833273708b583b, you can cherry-pick it onto the release branch, * Since test sources are generated we have reproducibility problems: the source artifact does not preserve the chmod of each file and some files have an executable flag... Please don't release this. Piotr
Re: [VOTE] Release Apache Log4j 3.0.0-beta1
Hi Piotr, If you write "Please don't release this.", then you should vote -1. Or am I missing something? Gary On Thu, Dec 14, 2023, 3:33 PM Piotr P. Karwasz wrote: > Hi Volkan, > > On Wed, 13 Dec 2023 at 16:26, Volkan Yazıcı wrote: > > > > This is a vote to release the Apache Log4j 3.0.0-beta1. > > > > Website: https://logging.staged.apache.org/log4j > > GitHub: https://github.com/apache/logging-log4j2 > > Commit: c5dbdcfeb0216e1e3e333436e9b4d04cc3b8e6fd > > Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j > > Nexus: > > https://repository.apache.org/content/repositories/orgapachelogging-1246 > > Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0 > > > > Please download, test, and cast your votes on this mailing list. > > > > [ ] +1, release the artifacts > > [ ] -1, don't release, because... > > Thanks for preparing the release, unfortunately: > > * The Maven Source Plugin is misconfigured and it publishes **test** > source artifacts. I fixed in in commit > a8dcc55fc37e3a332101dcf0d5833273708b583b, you can cherry-pick it onto > the release branch, > * Since test sources are generated we have reproducibility problems: > the source artifact does not preserve the chmod of each file and some > files have an executable flag... > > Please don't release this. > > Piotr >
Re: [VOTE] Release Apache Log4j Tools 0.7.0
On Thu, 14 Dec 2023 at 13:40, Volkan Yazıcı wrote: > > This is a vote to release the Apache Log4j Tools 0.7.0. > > Website: https://logging.staged.apache.org/log4j/tools > GitHub: https://github.com/apache/logging-log4j-tools > Commit: 04d9a79fb5cadb791c9e66fc671d6c0ffedf7e1e > Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j-tools > Nexus: > https://repository.apache.org/content/repositories/orgapachelogging-1247 > Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0 > > Please download, test, and cast your votes on this mailing list. > > [ ] +1, release the artifacts > [ ] -1, don't release, because... As usual I checked: * that tests are not failing, * that artifacts are reproducible from the source archive, * that the artifacts in the binary archive are identical to those in the Maven repo. Version 0.7.0 successfully understands the new "updated" change type: +1 Piotr
Re: [VOTE] Release Apache Log4j 3.0.0-beta1
Given we will have several other betas before a GA release, do these issues really constitute a serious blocker? Or they can be addressed in the next beta? On Thu, 14 Dec 2023 at 21:32, Piotr P. Karwasz wrote: > Hi Volkan, > > On Wed, 13 Dec 2023 at 16:26, Volkan Yazıcı wrote: > > > > This is a vote to release the Apache Log4j 3.0.0-beta1. > > > > Website: https://logging.staged.apache.org/log4j > > GitHub: https://github.com/apache/logging-log4j2 > > Commit: c5dbdcfeb0216e1e3e333436e9b4d04cc3b8e6fd > > Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j > > Nexus: > > https://repository.apache.org/content/repositories/orgapachelogging-1246 > > Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0 > > > > Please download, test, and cast your votes on this mailing list. > > > > [ ] +1, release the artifacts > > [ ] -1, don't release, because... > > Thanks for preparing the release, unfortunately: > > * The Maven Source Plugin is misconfigured and it publishes **test** > source artifacts. I fixed in in commit > a8dcc55fc37e3a332101dcf0d5833273708b583b, you can cherry-pick it onto > the release branch, > * Since test sources are generated we have reproducibility problems: > the source artifact does not preserve the chmod of each file and some > files have an executable flag... > > Please don't release this. > > Piotr >
Re: [VOTE] Release Apache Log4j 3.0.0-beta1
Hi Gary, On Thu, 14 Dec 2023 at 21:39, Gary Gregory wrote: > If you write "Please don't release this.", then you should vote -1. Or am I > missing something? I don't think that will be necessary. I am reserving my vote for later. ;-) Piotr
Re: [VOTE] Release Apache Log4j 3.0.0-beta1
Hi Volkan, On Thu, 14 Dec 2023 at 22:09, Volkan Yazıcı wrote: > > Given we will have several other betas before a GA release, do these issues > really constitute a serious blocker? Or they can be addressed in the next > beta? These artifacts will pollute Maven Central and overly complicate the verification process. The only way to be able to resume from an artifact:compare failure is to run: ./mvnw install artifact:compare -Prelease -Dreference.repo=... I am not sure if this will use the remote repo to verify the artifacts or use the freshly installed versions. Piotr
Re: [VOTE] Release Apache Log4j 3.0.0-beta1
> On Dec 14, 2023, at 3:08 PM, Volkan Yazıcı wrote: > > Given we will have several other betas before a GA release, do these issues > really constitute a serious blocker? Or they can be addressed in the next > beta? > I can’t run the release verification commands you provided without this fix as the build fails after log4j-core-tests.
Re: [VOTE] Release Apache Log4j Tools 0.7.0
+1 Tested src zip ASC OK, SHA512 OK, build 'mvn clean verify' OK. Apache Maven 3.9.6 (bc0240f3c744dd6b6ec2920b3cd08dcc295161ae) Maven home: /usr/local/Cellar/maven/3.9.6/libexec Java version: 17.0.9, vendor: Homebrew, runtime: /usr/local/Cellar/openjdk@17/17.0.9/libexec/openjdk.jdk/Contents/Home Default locale: en_US, platform encoding: UTF-8 OS name: "mac os x", version: "14.2", arch: "x86_64", family: "mac" Darwin 23.2.0 Darwin Kernel Version 23.2.0: Wed Nov 15 21:54:10 PST 2023; root:xnu-10002.61.3~2/RELEASE_X86_64 x86_64 Gary On Thu, Dec 14, 2023 at 4:05 PM Piotr P. Karwasz wrote: > > On Thu, 14 Dec 2023 at 13:40, Volkan Yazıcı wrote: > > > > This is a vote to release the Apache Log4j Tools 0.7.0. > > > > Website: https://logging.staged.apache.org/log4j/tools > > GitHub: https://github.com/apache/logging-log4j-tools > > Commit: 04d9a79fb5cadb791c9e66fc671d6c0ffedf7e1e > > Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j-tools > > Nexus: > > https://repository.apache.org/content/repositories/orgapachelogging-1247 > > Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0 > > > > Please download, test, and cast your votes on this mailing list. > > > > [ ] +1, release the artifacts > > [ ] -1, don't release, because... > > As usual I checked: > > * that tests are not failing, > * that artifacts are reproducible from the source archive, > * that the artifacts in the binary archive are identical to those in > the Maven repo. > > Version 0.7.0 successfully understands the new "updated" change type: +1 > > Piotr
