+1 (binding) 1. Verified the archives, checksums, and signatures 2. Extracted and inspected the source code for binaries 3. Built the source code 4. Reviewed web PR and left one comment
Best, Rui On Fri, Feb 7, 2025 at 6:54 PM Gyula Fóra <gyula.f...@gmail.com> wrote: > +1 (binding) > > - Reviewed release notes > - Verified hashes, signatures, built from source > - Verified release artifacts > - Checked website PR > > Cheers > Gyula > > On Fri, Feb 7, 2025 at 10:16 AM David Radley <david_rad...@uk.ibm.com> > wrote: > > > Hi Alex, > > > > +1 (non-binding) > > I checked: > > - Reviewed JIRA release notes > > - Verify hashes and verify signatures > > - Source code artifacts matching the current release > > - Read the announcement blog and LGTM > > > > Thanks for the pointers. > > > > 1. Yes this worked > > 2. this did not work but I downloaded the KEYS file and imported it and > > gpg --import < KEYS worked > > I got this warning with the verification. > > Warning gpg: WARNING: This key is not certified with a trusted signature! > > gpg: There is no indication that the signature belongs to the > > owner. > > > > > > > > > > From: Alexander Fedulov <alexander.fedu...@gmail.com> > > Date: Wednesday, 5 February 2025 at 17:30 > > To: dev@flink.apache.org <dev@flink.apache.org> > > Subject: [EXTERNAL] Re: [VOTE] Release 1.20.1, release candidate #1 > > Hi David, > > > > Thanks for verifying the release. > > > > 1. sha256 and sha512 are not expected to be the same. Try > > shasum -a 512 flink-1.20.1-bin-scala_2.12.tgz > > > > 2. I believe you do not have my public key imported. You can find it > > in the project KEYS file (afedulov) [1]. Try > > gpg --keyserver keys.openpgp.org --recv-key 8C1FC56D16B0029D > > > > Best, > > Alex > > > > [1] https://dist.apache.org/repos/dist/release/flink/KEYS > > > > On Tue, 4 Feb 2025 at 15:03, David Radley <david_rad...@uk.ibm.com> > wrote: > > > > > > Hi Alex, > > > Thanks for driving this release > > > > > > Checking the sha’s as per > https://www.apache.org/info/verification.html > > and see > > > > > > * shasum -a 256 flink-1.20.1-bin-scala_2.12.tgz > > > 5fc4551cd11aee83a9569392339c43fb32a60847db456e1cb4fa64c8daae0186 > > flink-1.20.1-bin-scala_2.12.tgz > > > > > > * > > > https://dist.apache.org/repos/dist/dev/flink/flink-1.20.1-rc1/flink-1.20.1-bin-scala_2.12.tgz.sha512 > > > is > > > > > > c50105a095839c663074d6a242e72d0e27886f584e0d568a89e3cf84b87da2b5cf188e230f65890a4622192ddad49b347d57ea5fe1c3510d27484b64a4b4c415 > > flink-1.20.1-bin-scala_2.12.tgz > > > > > > I was expecting the long numbers to be the same. > > > > > > I was checking the asc file and got > > > > > > gpg --verify flink-1.20.1-bin-scala_2.12.tgz.asc > > flink-1.20.1-bin-scala_2.12.tgz > > > gpg: Signature made Wed 29 Jan 00:08:19 2025 GMT > > > gpg: using RSA key > > 5575E80D59BBB73C15A479B88C1FC56D16B0029D > > > gpg: Can't check signature: No public key > > > > > > i.e. where appeared to be an error message. > > > > > > Am I missing something? > > > kind regards, David. > > > > > > > > > > > > From: Alexander Fedulov <alexander.fedu...@gmail.com> > > > Date: Wednesday, 29 January 2025 at 12:32 > > > To: dev <dev@flink.apache.org> > > > Subject: [EXTERNAL] [VOTE] Release 1.20.1, release candidate #1 > > > Hi everyone, > > > > > > Please review and vote on the release candidate #1 for the version > > > 1.20.1, as follows: > > > [ ] +1, Approve the release > > > [ ] -1, Do not approve the release (please provide specific comments) > > > > > > The staging area contains the following artifacts: > > > * JIRA release notes [1], > > > * the official Apache source release and binary convenience releases > > > to be deployed to dist.apache.org [2], which are signed with the key > > > with fingerprint 8C1FC56D16B0029D [3], > > > * all artifacts to be deployed to the Maven Central Repository [4], > > > * source code tag "release-1.20.1-rc1" [5], > > > * website pull request listing the new release and adding announcement > > > blog post [6]. > > > > > > The vote will be open for at least 72 hours. It is adopted by majority > > > approval, with at least 3 PMC affirmative votes. > > > > > > Verification instruction can be found here [7] . You’re not required > > > to verify everything, but please mention what you have tested along > > > with your +/- vote. > > > > > > Thanks, > > > Alex > > > > > > [1] > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12354994 > > > [2] https://dist.apache.org/repos/dist/dev/flink/flink-1.20.1-rc1/ > > > [3] https://dist.apache.org/repos/dist/release/flink/KEYS > > > [4] > > > https://repository.apache.org/content/repositories/orgapacheflink-1783/org/apache/flink/ > > > [5] https://github.com/apache/flink/tree/release-1.20.1-rc1 > > > [6] https://github.com/apache/flink-web/pull/772 > > > [7] > > > https://cwiki.apache.org/confluence/display/FLINK/Verifying+a+Flink+Release > > > > > > Unless otherwise stated above: > > > > > > IBM United Kingdom Limited > > > Registered in England and Wales with number 741598 > > > Registered office: Building C, IBM Hursley Office, Hursley Park Road, > > Winchester, Hampshire SO21 2JN > > > > Unless otherwise stated above: > > > > IBM United Kingdom Limited > > Registered in England and Wales with number 741598 > > Registered office: Building C, IBM Hursley Office, Hursley Park Road, > > Winchester, Hampshire SO21 2JN > > >
