+1 (binding) - verified signatures - verified hashsums - built from source code with JDK 1.8 succeeded - checked Github release tag - checked release notes - reviewed the web PR
Best, Leonard > 2025年2月7日 19:08,Rui Fan <1996fan...@gmail.com> 写道: > > +1 (binding) > > 1. Verified the archives, checksums, and signatures > 2. Extracted and inspected the source code for binaries > 3. Built the source code > 4. Reviewed web PR and left one comment > > Best, > Rui > > On Fri, Feb 7, 2025 at 6:54 PM Gyula Fóra <gyula.f...@gmail.com> wrote: > >> +1 (binding) >> >> - Reviewed release notes >> - Verified hashes, signatures, built from source >> - Verified release artifacts >> - Checked website PR >> >> Cheers >> Gyula >> >> On Fri, Feb 7, 2025 at 10:16 AM David Radley <david_rad...@uk.ibm.com> >> wrote: >> >>> Hi Alex, >>> >>> +1 (non-binding) >>> I checked: >>> - Reviewed JIRA release notes >>> - Verify hashes and verify signatures >>> - Source code artifacts matching the current release >>> - Read the announcement blog and LGTM >>> >>> Thanks for the pointers. >>> >>> 1. Yes this worked >>> 2. this did not work but I downloaded the KEYS file and imported it and >>> gpg --import < KEYS worked >>> I got this warning with the verification. >>> Warning gpg: WARNING: This key is not certified with a trusted signature! >>> gpg: There is no indication that the signature belongs to the >>> owner. >>> >>> >>> >>> >>> From: Alexander Fedulov <alexander.fedu...@gmail.com> >>> Date: Wednesday, 5 February 2025 at 17:30 >>> To: dev@flink.apache.org <dev@flink.apache.org> >>> Subject: [EXTERNAL] Re: [VOTE] Release 1.20.1, release candidate #1 >>> Hi David, >>> >>> Thanks for verifying the release. >>> >>> 1. sha256 and sha512 are not expected to be the same. Try >>> shasum -a 512 flink-1.20.1-bin-scala_2.12.tgz >>> >>> 2. I believe you do not have my public key imported. You can find it >>> in the project KEYS file (afedulov) [1]. Try >>> gpg --keyserver keys.openpgp.org --recv-key 8C1FC56D16B0029D >>> >>> Best, >>> Alex >>> >>> [1] https://dist.apache.org/repos/dist/release/flink/KEYS >>> >>> On Tue, 4 Feb 2025 at 15:03, David Radley <david_rad...@uk.ibm.com> >> wrote: >>>> >>>> Hi Alex, >>>> Thanks for driving this release >>>> >>>> Checking the sha’s as per >> https://www.apache.org/info/verification.html >>> and see >>>> >>>> * shasum -a 256 flink-1.20.1-bin-scala_2.12.tgz >>>> 5fc4551cd11aee83a9569392339c43fb32a60847db456e1cb4fa64c8daae0186 >>> flink-1.20.1-bin-scala_2.12.tgz >>>> >>>> * >>> >> https://dist.apache.org/repos/dist/dev/flink/flink-1.20.1-rc1/flink-1.20.1-bin-scala_2.12.tgz.sha512 >>>> is >>>> >>> >> c50105a095839c663074d6a242e72d0e27886f584e0d568a89e3cf84b87da2b5cf188e230f65890a4622192ddad49b347d57ea5fe1c3510d27484b64a4b4c415 >>> flink-1.20.1-bin-scala_2.12.tgz >>>> >>>> I was expecting the long numbers to be the same. >>>> >>>> I was checking the asc file and got >>>> >>>> gpg --verify flink-1.20.1-bin-scala_2.12.tgz.asc >>> flink-1.20.1-bin-scala_2.12.tgz >>>> gpg: Signature made Wed 29 Jan 00:08:19 2025 GMT >>>> gpg: using RSA key >>> 5575E80D59BBB73C15A479B88C1FC56D16B0029D >>>> gpg: Can't check signature: No public key >>>> >>>> i.e. where appeared to be an error message. >>>> >>>> Am I missing something? >>>> kind regards, David. >>>> >>>> >>>> >>>> From: Alexander Fedulov <alexander.fedu...@gmail.com> >>>> Date: Wednesday, 29 January 2025 at 12:32 >>>> To: dev <dev@flink.apache.org> >>>> Subject: [EXTERNAL] [VOTE] Release 1.20.1, release candidate #1 >>>> Hi everyone, >>>> >>>> Please review and vote on the release candidate #1 for the version >>>> 1.20.1, as follows: >>>> [ ] +1, Approve the release >>>> [ ] -1, Do not approve the release (please provide specific comments) >>>> >>>> The staging area contains the following artifacts: >>>> * JIRA release notes [1], >>>> * the official Apache source release and binary convenience releases >>>> to be deployed to dist.apache.org [2], which are signed with the key >>>> with fingerprint 8C1FC56D16B0029D [3], >>>> * all artifacts to be deployed to the Maven Central Repository [4], >>>> * source code tag "release-1.20.1-rc1" [5], >>>> * website pull request listing the new release and adding announcement >>>> blog post [6]. >>>> >>>> The vote will be open for at least 72 hours. It is adopted by majority >>>> approval, with at least 3 PMC affirmative votes. >>>> >>>> Verification instruction can be found here [7] . You’re not required >>>> to verify everything, but please mention what you have tested along >>>> with your +/- vote. >>>> >>>> Thanks, >>>> Alex >>>> >>>> [1] >>> >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12354994 >>>> [2] https://dist.apache.org/repos/dist/dev/flink/flink-1.20.1-rc1/ >>>> [3] https://dist.apache.org/repos/dist/release/flink/KEYS >>>> [4] >>> >> https://repository.apache.org/content/repositories/orgapacheflink-1783/org/apache/flink/ >>>> [5] https://github.com/apache/flink/tree/release-1.20.1-rc1 >>>> [6] https://github.com/apache/flink-web/pull/772 >>>> [7] >>> >> https://cwiki.apache.org/confluence/display/FLINK/Verifying+a+Flink+Release >>>> >>>> Unless otherwise stated above: >>>> >>>> IBM United Kingdom Limited >>>> Registered in England and Wales with number 741598 >>>> Registered office: Building C, IBM Hursley Office, Hursley Park Road, >>> Winchester, Hampshire SO21 2JN >>> >>> Unless otherwise stated above: >>> >>> IBM United Kingdom Limited >>> Registered in England and Wales with number 741598 >>> Registered office: Building C, IBM Hursley Office, Hursley Park Road, >>> Winchester, Hampshire SO21 2JN >>> >>
