If you don't mind, could you replace your EDDSA PGP key in
https://dist.apache.org/repos/dist/dev/arrow/KEYS and
https://dist.apache.org/repos/dist/release/arrow/KEYS with
a 4096-bit RSA PGP key?

See also: https://infra.apache.org/release-signing.html

In <CABgzUEFqrJ1J32R-FdbUB5CkO6Jty92hqkhsVDS=abybgnj...@mail.gmail.com>
  "Re: [VOTE] Release Apache Arrow 10.0.0 - RC0" on Mon, 24 Oct 2022 13:31:19 +0200,
  Neville Dipale <nevilled...@gmail.com> wrote:

> Is there anything I can do on my side to fix this?
> 
> On Mon, 24 Oct 2022 at 07:25, Sutou Kouhei <k...@clear-code.com> wrote:
> 
>> Hi,
>>
>> Neville's PGP key uses EDDSA and gpg on CentOS 7 is too old to
>> process EDDSA PGP keys. This RC is signed by my non-EDDSA PGP
>> key. So ignore the error from "gpg --import" on CentOS 7.
>>
>> FYI: Some PGP keys in KEYS are removed for our RPM packages
>> to work with old gpg:
>>
>> https://github.com/apache/arrow/blob/master/dev/tasks/linux-packages/apache-arrow-release/Rakefile#L44-L81
>>
>> Thanks,
>> --
>> kou
>>
>> In <ab54b7e0-45c6-bd6e-c96a-26cc1ac3b...@emailplus.org>
>>   "Re: [VOTE] Release Apache Arrow 10.0.0 - RC0" on Sun, 23 Oct 2022 10:31:27 +0300,
>>   Benson Muite <benson_mu...@emailplus.org> wrote:
>>
>> > WIP but source verification fails for me on CentOS 7 due to unsigned
>> > key from Neville Dipale:
>> >
>> > TEST_DEFAULT=0 TEST_SOURCE=1 dev/release/verify-release-candidate.sh 10.0.0 0
>> > ....
>> > gpg: key 717D3FB2: no valid user IDs
>> > gpg: this may be caused by a missing self-signature
>> > ...
>> > gpg: Total number processed: 14
>> > gpg:           w/o user IDs: 1
>> > gpg:              unchanged: 13
>> > Failed to verify release candidate. See /tmp/arrow-10.0.0.gOoKw for details.
>> >
>> > On 10/22/22 22:32, David Li wrote:
>> >> Still WIP for me. Verified:
>> >> - C++, Python, Java, binaries on Ubuntu Linux 18.04/AMD64
>> >> - C++, Python, Java on MacOS 12.3/AArch64
>> >> * MacOS required Rosetta installed to generate Protobuf sources for Java
>> >> * I needed https://github.com/apache/arrow/pull/14477 to verify APT
>> >>   packages on Linux
>> >> * I needed https://github.com/apache/arrow/pull/14479 to verify native
>> >>   wheels on MacOS
>> >> I cannot verify universal2 wheels on MacOS as the binaries are for
>> >> macosx_10_14 but the script hardcodes macosx_11_0. And if I edit the
>> >> filename in the script, I get "...macosx_10_14_universal2.whl is not a
>> >> supported wheel on this platform". Is this intended?
>> >> On Fri, Oct 21, 2022, at 14:01, Jacob Wujciak wrote:
>> >>> +1 (non-binding) verified on Manjaro with CUDA:
>> >>>
>> >>> TEST_DEFAULT=0 \
>> >>>    TEST_SOURCE=0 \
>> >>>    TEST_INTEGRATION_CPP=1 \
>> >>>    TEST_CPP=1 \
>> >>>    TEST_PYTHON=1 \
>> >>>    dev/release/verify-release-candidate.sh 10.0.0 0
>> >>>
>> >>> TEST_DEFAULT=0 \
>> >>>    TEST_SOURCE=0 \
>> >>>    TEST_BINARY=1 \
>> >>>    dev/release/verify-release-candidate.sh 10.0.0 0
>> >>>
>> >>> with:
>> >>>    gcc 12.2.2
>> >>>    cuda_11.7.r11.7/compiler.31442593_0
>> >>>    python 3.10.7
>> >>>
>> >>> Thanks!
>> >>>
>> >>> On Fri, Oct 21, 2022 at 8:07 AM Sutou Kouhei <k...@clear-code.com> wrote:
>> >>>
>> >>>> Hi,
>> >>>>
>> >>>> I would like to propose the following release candidate (RC0) of Apache
>> >>>> Arrow version 10.0.0. This is a release consisting of 470
>> >>>> resolved JIRA issues[1].
>> >>>>
>> >>>> This release candidate is based on commit:
>> >>>> 89f9a0948961f6e94f1ef5e4f310b707d22a3c11 [2]
>> >>>>
>> >>>> The source release rc0 is hosted at [3].
>> >>>> The binary artifacts are hosted at [4][5][6][7][8][9][10][11].
>> >>>> The changelog is located at [12].
>> >>>>
>> >>>> Please download, verify checksums and signatures, run the unit tests,
>> >>>> and vote on the release. See [13] for how to validate a release
>> >>>> candidate.
>> >>>>
>> >>>> See also a verification result on GitHub pull request [14].
>> >>>>
>> >>>> The vote will be open for at least 72 hours.
>> >>>>
>> >>>> [ ] +1 Release this as Apache Arrow 10.0.0
>> >>>> [ ] +0
>> >>>> [ ] -1 Do not release this as Apache Arrow 10.0.0 because...
>> >>>>
>> >>>> [1]: https://issues.apache.org/jira/issues/?jql=project%20%3D%20ARROW%20AND%20status%20in%20%28Resolved%2C%20Closed%29%20AND%20fixVersion%20%3D%2010.0.0
>> >>>> [2]: https://github.com/apache/arrow/tree/89f9a0948961f6e94f1ef5e4f310b707d22a3c11
>> >>>> [3]: https://dist.apache.org/repos/dist/dev/arrow/apache-arrow-10.0.0-rc0
>> >>>> [4]: https://apache.jfrog.io/artifactory/arrow/almalinux-rc/
>> >>>> [5]: https://apache.jfrog.io/artifactory/arrow/amazon-linux-rc/
>> >>>> [6]: https://apache.jfrog.io/artifactory/arrow/centos-rc/
>> >>>> [7]: https://apache.jfrog.io/artifactory/arrow/debian-rc/
>> >>>> [8]: https://apache.jfrog.io/artifactory/arrow/java-rc/10.0.0-rc0
>> >>>> [9]: https://apache.jfrog.io/artifactory/arrow/nuget-rc/10.0.0-rc0
>> >>>> [10]: https://apache.jfrog.io/artifactory/arrow/python-rc/10.0.0-rc0
>> >>>> [11]: https://apache.jfrog.io/artifactory/arrow/ubuntu-rc/
>> >>>> [12]: https://github.com/apache/arrow/blob/89f9a0948961f6e94f1ef5e4f310b707d22a3c11/CHANGELOG.md
>> >>>> [13]: https://cwiki.apache.org/confluence/display/ARROW/How+to+Verify+Release+Candidates
>> >>>> [14]: https://github.com/apache/arrow/pull/14466
>> >>>>
>> >
>>
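
An added example, not part of the thread or of Arrow's release tooling: a shell function that reads `gpg --with-colons` key listings and flags the primary keys in a KEYS file that use EdDSA, the case the thread reports old gpg on CentOS 7 cannot process, separately from keys that are not the 4096-bit RSA requested above. It generalizes to the other OpenPGP ECC algorithm IDs (ECDH, ECDSA) on the assumption that a gpg too old for EdDSA lacks those as well; the function names, verdict labels and sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. audit_keys reads `gpg --with-colons` output on stdin and prints,
# per primary key, tab-separated: KEYID ALGO BITS VERDICT USERID.
# Colon-format fields used: 1=record type, 3=key length, 4=public-key
# algorithm ID, 5=key ID, 10=user ID (on uid records).
audit_keys() {
  awk -F: '
    function emit(   u) {
      if (keyid == "") return
      u = (uid == "") ? "<no user ID>" : uid
      print keyid, name, bits, verdict, u
    }
    BEGIN {
      OFS = "\t"
      alg[1] = "RSA"; alg[16] = "ELG"; alg[17] = "DSA"
      alg[18] = "ECDH"; alg[19] = "ECDSA"; alg[22] = "EdDSA"
    }
    $1 == "pub" {
      emit()                      # finish the previous primary key, if any
      keyid = $5; bits = $3; uid = ""
      name = ($4 in alg) ? alg[$4] : "algo" $4
      if ($4 == 18 || $4 == 19 || $4 == 22) verdict = "ECC"      # needs a modern gpg
      else if ($4 == 1 && bits + 0 >= 4096) verdict = "RSA4096"  # what the thread asks for
      else verdict = "REVIEW"                                    # anything else
    }
    $1 == "uid" && keyid != "" && uid == "" { uid = $10 }        # first user ID only
    END { emit() }
  '
}

# Constructed sample listing (not real keys). On a host with a current GnuPG,
# real input comes from: gpg --show-keys --with-colons KEYS
sample_listing() {
  cat <<'EOF'
pub:-:4096:1:AAAAAAAAAAAAAAA1:1600000000:::-:::scESC::::::23::0:
uid:-::::1600000000::X::Constructed RSA Signer <rsa@example.invalid>::::::::::0:
sub:-:4096:1:AAAAAAAAAAAAAAA9:1600000000::::::e::::::23:
pub:-:255:22:BBBBBBBBBBBBBBB2:1600000000:::-:::scSC:::::ed25519:::0:
uid:-::::1600000000::X::Constructed EdDSA Signer <ed@example.invalid>::::::::::0:
pub:-:2048:1:CCCCCCCCCCCCCCC3:1600000000:::-:::scESC::::::23::0:
uid:-::::1600000000::X::Constructed Short RSA Signer <short@example.invalid>::::::::::0:
EOF
}

sample_listing | audit_keys
```

Rows marked `ECC` are the ones to check against the oldest gpg a verification platform ships before a release manager signs with that key.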
