Hi folks, As suspected above, the source package was signed with a different set of signing keys by accident. As the release manager, I will close this VOTE thread and reopen the vote with a new release candidate, with the corrected signature.
Thanks again to Kevin for quickly testing out the release and reporting the issue! Sung On Tue, Dec 17, 2024 at 5:43 PM Sung Yun <sungwy...@gmail.com> wrote: > > Hi Kevin, > > Thanks for the speedy response, and for reporting the issue! > > It sounds like the wrong credentials may have been used for signing. And my > self-verifying the signature on the same machine had glossed over that. > > I will re-verify the signature once I am back at my desk and follow up on the > next steps. Thanks, > > Sung > > On Tue, Dec 17, 2024 at 5:15 PM Kevin Liu <kevinjq...@apache.org> wrote: >> >> Hey Sung, >> >> Thanks for working on the 0.4.0 release! I went through a few steps to >> verify this release and ran into an issue verifying the signature. >> >> Cannot check the signature: >> ``` >> ➜ curl https://downloads.apache.org/iceberg/KEYS -o KEYS >> gpg --import KEYS >> ➜ gpg --verify apache-iceberg-rust-0.4.0-src.tar.gz.asc >> apache-iceberg-rust-0.4.0-src.tar.gz >> gpg: WARNING: unsafe permissions on homedir '/Users/kevinliu/.gnupg' >> gpg: Signature made Tue Dec 17 13:23:11 2024 PST >> gpg: using RSA key D41D8CC8DED1FD6495077949B6847531A1883DA4 >> gpg: Can't check signature: No public key >> ``` >> >> Checksum is OK >> ``` >> ➜ shasum -a 512 --check apache-iceberg-rust-0.4.0-src.tar.gz.sha512 >> apache-iceberg-rust-0.4.0-src.tar.gz: OK >> ``` >> >> The verify script requires `chmod` to execute, but this is not a blocker. >> ``` >> chmod +x ./scripts/verify.py >> ``` >> >> Best, >> Kevin Liu >> >> On Tue, Dec 17, 2024 at 1:50 PM Sung Yun <sungwy...@gmail.com> wrote: >>> >>> Hello, Apache Iceberg Rust Community, >>> >>> This is a call for a vote to release Apache Iceberg rust version >>> v0.4.0-rc.1. >>> >>> The tag to be voted on is v0.4.0-rc.1. >>> >>> The release candidate: >>> >>> https://dist.apache.org/repos/dist/dev/iceberg/apache-iceberg-rust-0.4.0-rc.1/ >>> >>> Keys to verify the release candidate: >>> >>> https://downloads.apache.org/iceberg/KEYS >>> >>> Git tag for the release: >>> >>> https://github.com/apache/iceberg-rust/releases/tag/v0.4.0-rc.1 >>> >>> The associated convenience artifact for pyiceberg_core can be >>> downloaded by running the following command: >>> >>> `pip install -i https://test.pypi.org/simple/ pyiceberg-core` >>> >>> All notable features and fixes introduced in this release are >>> documented in the changelog: >>> >>> https://github.com/apache/iceberg-rust/blob/main/CHANGELOG.md >>> >>> Please download, verify, and test. >>> >>> The VOTE will be open for at least 72 hours and until the necessary >>> number of votes are reached. >>> >>> [ ] +1 approve >>> [ ] +0 no opinion >>> [ ] -1 disapprove with the reason >>> >>> To learn more about Apache Iceberg, please see >>> https://rust.iceberg.apache.org/ >>> >>> Checklist for reference: >>> >>> [ ] Download links are valid. >>> [ ] Checksums and signatures. >>> [ ] LICENSE/NOTICE files exist >>> [ ] No unexpected binary files >>> [ ] All source files have ASF headers >>> [ ] Can compile from source >>> >>> More detailed checklist please refer to: >>> https://github.com/apache/iceberg-rust/tree/main/scripts >>> >>> To compile from source, please refer to: >>> https://github.com/apache/iceberg-rust/blob/main/CONTRIBUTING.md >>> >>> Here is a Python script in release to help you verify the release candidate: >>> >>> ./scripts/verify.py >>> >>> Thank you! >>> >>> Sung
