Hey Julian,

Thanks for testing this release.

For 1), are you running `go get github.com/apache/calcite-avatica-go` in a new project?

You can instantiate a new project and add the avatica-go dependency using these steps:
1. mkdir myproject
2. cd myproject
3. go mod init github.com/jhyde/myproject
4. go get github.com/apache/calcite-avatica-go

For 2), I used the key in KEYS to sign the release, however, I think gpg does not trust any of the imported keys by default, which is why it shows that warning, so you will need to trust it yourself: see [1]. I think we previously also had that error when verifying the gpg signature for other releases, more recently: [2].

Francis

[1] https://superuser.com/questions/1435147/how-to-suppress-warning-this-key-is-not-certified-with-a-trusted-signature

[2] https://lists.apache.org/thread/joss8ndktwmvc9w62k26fh3fsjg261wn

On 25/03/2022 10:20 am, Julian Hyde wrote:
+1

Checked signatures and checksums, LICENSE, NOTICE, README.md. Checked that 
tar.gz contains same files as git.

Note #1. I ran

   go get github.com/apache/calcite-avatica-go 
<http://github.com/apache/calcite-avatica-go>

and got the error

   go get github.com/apache/calcite-avatica-go: no matching versions for query 
"upgrade"

I don’t know whether that is expected behavior.

Note #2. When I checked signatures I received the following output:

   gpg: Signature made Wed 23 Mar 2022 07:42:45 PM PDT
   gpg:                using RSA key 635665E0BE3F72552910CB74BBE44E923A970AB7
   gpg: Good signature from "Francis Chuang <[email protected]>" 
[unknown]
   gpg: WARNING: This key is not certified with a trusted signature!
   gpg:          There is no indication that the signature belongs to the owner.
   Primary key fingerprint: 6356 65E0 BE3F 7255 2910  CB74 BBE4 4E92 3A97 0AB7

Francis, Did you perhaps use a different signing key than the one in KEYS?

Julian
On Mar 24, 2022, at 3:54 AM, Stamatis Zampetakis <[email protected]> wrote:

Ubuntu 20.04.4 LTS, docker-compose version 1.25.5, build 8a1c60f6

* Checked signatures and checksums OK
* Went over release note OK
* Built from git tag and run tests (docker-compose run test) OK
* Built from source artifacts and run tests OK
* Checked diff between repo and release sources OK
* Checked LICENSE, NOTICE, README.md OK

+1 (binding)

Best,
Stamatis


On Thu, Mar 24, 2022 at 3:45 AM Francis Chuang <[email protected]>
wrote:

Hi all,

I have created a release for Apache Calcite Avatica Go 5.1.0, release
candidate 0.

Thanks to everyone who has contributed to this release. The release
notes are available here:

https://github.com/apache/calcite-avatica-go/blob/c232d7bafd26d4798a2e7fc8335eff1259c0178d/site/_docs/go_history.md

The commit to be voted on:

https://gitbox.apache.org/repos/asf?p=calcite-avatica-go.git;a=commit;h=c232d7bafd26d4798a2e7fc8335eff1259c0178d

The hash is c232d7bafd26d4798a2e7fc8335eff1259c0178d

The artifacts to be voted on are located here:

https://dist.apache.org/repos/dist/dev/calcite/apache-calcite-avatica-go-5.1.0-rc0/

The hashes of the artifacts are as follows:
src.tar.gz 5BCA4C08 1C5AD9AD 633355C8 582D7347 602E7088 08B1A87C
C868BA8B 98C6B4FB ED88A6D9 B111BFB9 3F3A0E45 FDEF7E03 E797E02E FD7CFBFC
F3CE0EA8 18C00BAA

Release artifacts are signed with the following key:
https://people.apache.org/keys/committer/francischuang.asc

Instructions for running the test suite is located here:

https://github.com/apache/calcite-avatica-go/blob/c232d7bafd26d4798a2e7fc8335eff1259c0178d/site/develop/avatica-go.md#testing

Please vote on releasing this package as Apache Calcite Avatica Go 5.1.0.

To run the tests without a Go environment, install docker and
docker-compose. Then, in the root of the release's directory, run:
docker-compose run test

When the test suite completes, run "docker-compose down" to remove and
shutdown all the containers.

The vote is open for the next 72 hours and passes if a majority of at
least three +1 PMC votes are cast.

[ ] +1 Release this package as Apache Calcite Avatica Go 5.1.0
[ ]  0 I don't feel strongly about it, but I'm okay with the release
[ ] -1 Do not release this package because...


Here is my vote:

+1 (binding)

Francis



Reply via email to