Once a Release has been staged on http://repository.apache.org it must be reviewed by each PMC member before casting his VOTE.
The following points need to be checked:
is the GPG signature fine?
is there a source archive?
can the source archive really be built?
is there a correct LICENSE and NOTICE file in each artifact (both source and binary artifacts)?
does the NOTICE file contain all necessary attributions?
check the dependencies. We must not have any GPL dependencies and LGPL only if they are optional, etc! See http://www.apache.org/legal/3party.html
do all the tests work?
if there is a TCK to run, does it succeed?
if there is a tag in the SCM, does it contain reproduceable sources?