accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Elser <josh.el...@gmail.com>
Subject Re: [VOTE] Accumulo 1.7.2-rc2
Date Sun, 19 Jun 2016 20:07:12 GMT


Dylan Hutchison wrote:
> +1 with notes below~
>
> * NOTICE and LICENSE look good to my inexperienced eyes.
> * Source-compiled binary tar.gz matches the binary tar.gz artifact, except
> for META-INF entries.
> * Unit tests pass.
> * Good checksums and sigs. Fingerprint matches Mike's key.
> * Graphulo tests pass.

Yay, API compatibility :)

> * Sunny integration tests pass on a single-node standalone deployment.
> Tested on Zookeeper 3.4.6 and both Hadoop 2.4.1 and 2.7.2.
>
> Notes / Questions:
>
>     1. On the ITs: for some reason I can't figure out, the "stop Accumulo
>     processes" part of ReadWriteIT#sunnyDay gives me trouble when I run it
>     alongside the others, but it passes when I run it alone.  Similar story for
>     ExamplesIT#testBulkIngest.

Interesting. Are you setting forkMode > 1? Or running multiple 
invocations of the build at the same time? I wouldn't be surprised if 
some of the logic we have to 'test' is actually wrong when we have 
concurrent processes running, but I'm not sure why these two in 
particular would have troubles.

>     2. On diffing the source-built binary with the binary artifact: it seems
>     the source-built binary has more license information in
>     the META-INF/DEPENDENCIES than the binary artifact, in addition to a few of
>     the entries being permuted.  This holds true for all the jars except
>     accumulo-fate.jar.  Here is a pastebin for the source-built binary deps
>     <http://pastebin.com/HJZB2See>, and a pastebin for the binary artifact
>     deps<http://pastebin.com/nKfxWd2c>  for accumulo-core.jar.  Here is
> a pastebin
>     of their diff<http://pastebin.com/jYtggRLK>.  I don't know how
>     significant the difference is; maybe Sean or Christopher could comment.

This is probably due to the difference in the release-process creation 
of the binary tarball and what gets built when you just do a `mvn 
package` on your computer (e.g. activating the 'apache-release' Maven 
profile). I also see findbugs in the list, so that's likely unintended.

Overall, for the purposes of the ASF licensing, the DEPENDENCIES file is 
a "nice to have" (LICENSE and NOTICE are the ones we really need to get 
right).

Also, with your commit bit, you can also use paste.apache.org if you 
want to avoid the ads on pastebin :)

>     3. Is it good practice to use a code-signing key with no expiration date?

As I understand it, it's not bad like a non-expiring password, but it's 
good to have an expiration date. If you do lose/compromise your key, at 
least everyone knows that there is a certain date the key is no longer 
valid. It's also easy to extend the validity of your key, IIRC.

>
>
> On Fri, Jun 17, 2016 at 9:31 PM, Mike Drob<mdrob@apache.org>  wrote:
>
>> Accumulo Developers,
>>
>> Please consider the following candidate for Accumulo 1.7.2.
>>
>> All content generated via
>>      assemble/build.sh --create-release-candidate -P '!thrift'
>>
>> Changes from 1.7.2-rc1
>>
>> ACCUMULO-4346 correct LICENSE file for source to include text of reference
>> ACCUMULO-4347 Crypto notification should be in README files instead of
>> NOTICE
>>
>> Git Commit:
>>      a01e67741d101c3d87f1d6e16d54ff7a96951ad0
>> Branch:
>>      1.7.2-rc2
>>
>> If this vote passes, a gpg-signed tag will be created using:
>>      git tag -f -m 'Apache Accumulo 1.7.2' -s rel/1.7.2
>> a01e67741d101c3d87f1d6e16d54ff7a96951ad0
>>
>> Staging repo:
>> https://repository.apache.org/content/repositories/orgapacheaccumulo-1052
>> Source (official release artifact):
>>
>> https://repository.apache.org/content/repositories/orgapacheaccumulo-1052/org/apache/accumulo/accumulo/1.7.2/accumulo-1.7.2-src.tar.gz
>> Binary:
>>
>> https://repository.apache.org/content/repositories/orgapacheaccumulo-1052/org/apache/accumulo/accumulo/1.7.2/accumulo-1.7.2-bin.tar.gz
>> (Append ".sha1", ".md5", or ".asc" to download the signature/hash for a
>> given artifact.)
>>
>> All artifacts were built and staged with:
>>      mvn release:prepare&&  mvn release:perform
>>
>> Signing keys are available at https://www.apache.org/dist/accumulo/KEYS
>> (Expected fingerprint: 86EDB9C33B8517228E88A8F93E48C0C6EF362B9E)
>>
>> Release notes (in progress) can be found at:
>> https://accumulo.apache.org/release_notes/1.7.2
>>
>> Please vote one of:
>> [ ] +1 - I have verified and accept...
>> [ ] +0 - I have reservations, but not strong enough to vote against...
>> [ ] -1 - Because..., I do not accept...
>> ... these artifacts as the 1.7.2 release of Apache Accumulo.
>>
>> This vote will end on Tue Jun 21 05:00:00 UTC 2016
>> (Tue Jun 21 01:00:00 EDT 2016 / Mon Jun 20 22:00:00 PDT 2016)
>>
>> Thanks!
>>
>> P.S. Hint: download the whole staging repo with
>>      wget -erobots=off -r -l inf -np -nH \
>>
>> https://repository.apache.org/content/repositories/orgapacheaccumulo-1052/
>>      # note the trailing slash is needed
>>
>

Mime
View raw message