When verifying <https://iceberg.apache.org/how-to-release/#verifying-signatures> signatures. I got a warning. Am I missing something with the gpg configuration?
gpg: assuming signed data in 'apache-iceberg-1.9.1.tar.gz' gpg: Signature made Wed May 21 15:19:17 2025 PDT gpg: using RSA key xxx gpg: Good signature from "Russell Spitzer (CODE SIGNING KEY) <russellspit...@apache.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: x Verified checksums, local build and ran basic tests on Spark 3.5. If the warning is ok to ignore, +1 (non-binding) - Karuppayya On Tue, May 27, 2025 at 7:29 AM Jean-Baptiste Onofré <j...@nanthrax.net> wrote: > +1 (non binding) > > I checked: > * source distribution > ** checksum and signature are good > ** LICENSE and NOTICE look good > ** No binary file found in the source distribution > ** Header looks good in files > ** Build works from the source distribution > ** Tested with Spark and Polaris > * in the bundled jar files: > ** aws-bundle jar contains correct LICENSE/NOTICE > ** azure-bundle jar contains LICENSE/NOTICE, nit: Azure MIT license > content should be part of the LICENSE (inline). I will fix that. > ** gcp-bundle jar contains LICENSE/NOTICE, nit: Google BSD 3-Clause > license content should be part of the LICENSE (inline), and some > dependencies have dual licenses, only one should be "selected" in > Iceberg (exclusive). I will fix that. > ** kafka-runtime (main and hive) contains LICENSE/NOTICE, nit: same > issue as in azure-bundle and gcp-bundle about exclusive license and > MIT/BSD license content > > Regards > JB > > On Thu, May 22, 2025 at 1:19 AM Russell Spitzer > <russell.spit...@gmail.com> wrote: > > > > Hi Y'all, > > > > I propose that we release the following RC as the official Apache > Iceberg 1.9.1 release. > > > > The commit ID is f40208ae6fb2f33e578c2637d3dea1db18739f31 > > * This corresponds to the tag: apache-iceberg-1.9.1-rc1 > > * https://github.com/apache/iceberg/commits/apache-iceberg-1.9.1-rc1 > > * > https://github.com/apache/iceberg/tree/f40208ae6fb2f33e578c2637d3dea1db18739f31 > > > > The release tarball, signature, and checksums are here: > > * > https://dist.apache.org/repos/dist/dev/iceberg/apache-iceberg-1.9.1-rc1 > > > > You can find the KEYS file here: > > * https://downloads.apache.org/iceberg/KEYS > > > > Convenience binary artifacts are staged on Nexus. The Maven repository > URL is: > > * > https://repository.apache.org/content/repositories/orgapacheiceberg-1202/ > > > > Please download, verify, and test. > > > > Please vote in the next 72 hours. > > > > [ ] +1 Release this as Apache Iceberg 1.9.1 > > [ ] +0 > > [ ] -1 Do not release this because... > > > > Only PMC members have binding votes, but other community members are > encouraged to cast > > non-binding votes. This vote will pass if there are 3 binding +1 votes > and more binding > > +1 votes than -1 votes. > > > > --- > > > > For those watching the big change between this and RC0 was the reversion > of code which > > caused the rest client to emit multiple Snapshot Removals Requests in > the same MetadataUpdate. > > This restores the behavior to that of 1.8.X, 1 removal per update. > > We plan to move to the new behavior in a later release >
