To make a DataLab release that follows Apache policy, we should make sure that:

  • Source code can be compiled;
  • Unit/integration tests pass;
  • The Apache copyright header is present in almost all files. The header may be omitted in files that do not support comments, e.g. json, txt, md etc;
  • There is no compiled code in the sources;

Remove the integration-tests folder from the release branch. The folder should be in the develop branch, but not in the release one.

After such sanity checks are done: 

  1. Create branch and tag for RC
  2. Create archive for sources: 

    git archive --format tar --output ${output_path} ${branch_name}

  3. Generate a gpg key (if one was not generated before): 

    gpg --gen-key

  4. Send the key to the server (if it was not sent before): 

    gpg --send-key ${your_key_id}

  5. Edit - update your key fingerprint
  6. Sign release package (tar/zip archive): 

    gpg -u ${your_key_id} --armor --output ${output_file_name} --detach-sig ${path_to_archive}

  7. Create a SHA512 checksum for the release package: 

    gpg --print-md SHA512 ${path_to_archive} > ${path_to_archive}.sha512

  8. 'This is a pre-release' option should be checked off in GitHub

  9. Upload signed RC to (svn repo).

Before starting the vote process, the following should be checked (Data QA's responsibility):

  • Download links (in vote email)
  • Checksums and PGP signatures
  • LICENSE and NOTICE files exist
  • Correct year in NOTICE file
  • Source code artifacts have correct names matching the current release
  • Incubating is present in artifact name
  • All files have license headers if necessary
  • No compiled archives bundled in source archive
  • Check whether there are any extra files or folders, empty folders for example

Signing the key (Data QA's responsibility)

Sign a key (if it has not been signed before):

1. List the keys currently in your keyring: 

gpg --list-keys

2. To sign PPMC's key, first pull it into your keyring: 

gpg --recv-keys <2AD3FAE3>

If PPMC's key is already in your keyring, it's a good idea to pull it again, so that your keyring is up to date.

If the default keyserver ( is not responsive, use the MIT or Ubuntu

gpg --keyserver --recv-keys <2AD3FAE3>
gpg --keyserver --recv-keys <2AD3FAE3>

3. Sign PPMC's key: 

gpg --sign-key <2AD3FAE3>

4. Send the signed key to the keyserver:

gpg --send-keys <2AD3FAE3>
gpg --keyserver --send-keys <2AD3FAE3>
gpg --keyserver --send-keys <2AD3FAE3>

5. The keyserver will merge our signature with those available for PPMC's key. Wait a few moments for the merging to complete and check that everything worked by visiting the following:

where 0xDDB6E9812AD3FAE is PPMC's key data

If you can see your signature for PPMC's key on all those servers, his key was signed correctly.

Verifying a signature (Data QA's responsibility)


Download the data from the 'release candidate' link in the vote email.

gpg --verify apache-dlab-2.3.0-incubating.tar.gz.asc.txt apache-dlab-2.3.0-incubating.tar.gz

The signature is valid if gpg verifies the .asc as a good signature and doesn't complain about expired or revoked keys:

gpg --verify --status-fd 1 apache-dlab-2.3.0-incubating.tar.gz.asc.txt apache-dlab-2.3.0-incubating.tar.gz

This should classify the .asc as a GOODSIG.
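
The GOODSIG check above can be scripted instead of read by eye. This is an added example, not part of the original page or of DataLab's own tooling: it parses the --status-fd output, rejects expired or revoked keys, and also requires the signer's fingerprint to equal an expected value. The function names, the expected-fingerprint parameter and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Decides whether the output of
#   gpg --verify --status-fd 1 SIG ARCHIVE
# describes an acceptable signature.

# check_gpg_status EXPECTED_FPR   (gpg status lines on stdin)
# Succeeds only if there is exactly one GOODSIG, the VALIDSIG primary-key
# fingerprint equals EXPECTED_FPR, and no bad/expired/revoked status appears.
check_gpg_status() {
    expected_fpr=$1
    good=0; fpr_ok=0; bad=0
    while read -r prefix keyword args || [ -n "$prefix" ]; do
        [ "$prefix" = "[GNUPG:]" ] || continue
        case $keyword in
            GOODSIG) good=$((good + 1)) ;;
            VALIDSIG)
                # Last field is the primary key fingerprint; the first is the
                # signing key, which may be a subkey.
                if [ "${args##* }" = "$expected_fpr" ]; then fpr_ok=1; fi ;;
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) bad=1 ;;
        esac
    done
    [ "$good" -eq 1 ] && [ "$fpr_ok" -eq 1 ] && [ "$bad" -eq 0 ]
}

# verify_release SIG_FILE ARCHIVE EXPECTED_FPR: runs the verify command from
# this page and feeds its status output to the check above.
verify_release() {
    gpg --verify --status-fd 1 "$1" "$2" 2>/dev/null | check_gpg_status "$3"
}

# Constructed sample status output (fingerprint, key ID and user are made up).
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
sample_good() {
    printf '%s\n' \
        "[GNUPG:] NEWSIG" \
        "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>" \
        "[GNUPG:] VALIDSIG $SAMPLE_FPR 2020-01-01 1577836800 0 4 0 1 10 00 $SAMPLE_FPR"
}
sample_expired_key() {
    printf '%s\n' \
        "[GNUPG:] NEWSIG" \
        "[GNUPG:] EXPKEYSIG 89ABCDEF01234567 Example Signer <signer@example.org>" \
        "[GNUPG:] VALIDSIG $SAMPLE_FPR 2020-01-01 1577836800 0 4 0 1 10 00 $SAMPLE_FPR"
}
```

The expected fingerprint should come from a source you trust independently of the download location, which is what the key-signing steps earlier on this page are for.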

Check the integrity of a release (Data QA's responsibility)

gpg --print-md SHA512 apache-dlab-2.3.0-incubating.tar.gz > apache-dlab-2.3.0-incubating.tar.gz.sha512
cat apache-dlab-2.3.0-incubating.tar.gz.sha512
cat apache-dlab-2.3.0-incubating.tar.gz.sha512.txt

Compare the outputs; they should be identical.

Vote process

  1. Create a voting mail thread for the release on with subject [VOTE]: Release Apache DataLab (incubating) VERSION can be used as mail template. After the mail is sent we should wait for the community to approve the release. (At least 1 mentor should approve the release)

  2. If the voting is positive, a result mail thread should be created on with subject [VOTE][RESULT]: Release Apache DataLab (incubating) VERSION. The email should contain a summary of the voting. (e.g.


  1. In the vote, for the key URL use the following link (e.g.
  2. To change you need to fill in via svn at 

After all steps above are done, voting should be moved to and should be open for at least 72 hours. (e.g. Voting is treated as positive if approval was received from at least 3 IPMC members and no negative votes are present. After the release is approved, a new mail should be sent to with subject [VOTE][RESULT]: Release Apache DataLab (incubating) VERSION that contains the results of the voting. The next step is to move the RC to the release location and create the release on
