> > Ajantha, regarding publishing kafka-connect-runtime to the confluent hub, > I don't know if we have a consensus that Iceberg project should publish the > dist zip file to the Confluent Hub. Feedbacks are welcomed. If yes, we > should update the `how-to-release` doc on pushing the zip file to the > Confluent Hub (steps and permission requirements etc.)
Hi, We’re holding off until the 1.10.0 release, since the previous version had dependency CVEs and wasn’t approved in the Confluent Hub. At the moment, we don’t yet have the necessary permissions, but we’re working with the Confluent team to resolve this. Once everything is set up correctly, the PMCs should have the required access to publish it. More details here: https://github.com/apache/iceberg/issues/10745 On Thu, Sep 4, 2025 at 9:34 PM Steven Wu <stevenz...@gmail.com> wrote: > > I will create a PR to fix that (quickly/short term) and also another > PR to remove the versions from the bundle artifacts (as we do in > spark-runtime and flink-runtime). > > JB, thanks for helping with both the quick and the long-term fixes. > Removing versions seems like a good idea. > > +1 for Ajantha's suggestion. If this is a blocker issue, we should update > the `how-to-release` doc so that the release manager can verify first. JB, > do you have a validation script that you can share? > > Ajantha, regarding publishing kafka-connect-runtime to the confluent hub, > I don't know if we have a consensus that Iceberg project should publish the > dist zip file to the Confluent Hub. Feedbacks are welcomed. If yes, we > should update the `how-to-release` doc on pushing the zip file to the > Confluent Hub (steps and permission requirements etc.) > > > > On Thu, Sep 4, 2025 at 12:56 AM Ajantha Bhat <ajanthab...@gmail.com> > wrote: > >> - LICENSE/NOTICE are not correct in the kafka-connect-runtime (not >>> really a problem as we don't distribute this artifact) >> >> >> JB, with 1.10.0 we are planning to publish kafka-connect-runtime in the >> confluent hub (we did a dependency version bump to fix CVE for this >> purpose). So, We need to fix this as well. >> >> Also, these problems are recurring before every release. Can we >> automate this or run a script before the release to replace versions in >> license and notice? >> >> - Ajantha >> >> On Thu, Sep 4, 2025 at 1:11 PM Jean-Baptiste Onofré <j...@nanthrax.net> >> wrote: >> >>> -1 (non binding) >>> >>> - signature and checksum are good >>> - LICENSE and NOTICE are good in the source distribution >>> - ASF header is present >>> - No binary file found in the source distribution >>> >>> However: >>> - LICENSE/NOTICE are not correct in aws-bundle: >>> * shaded netty version is 4.1.124.Final not 4.1.115.Final >>> * shaded AWS SDK version is 2.33.0 not 2.29.52 >>> * shaded aws-crt version is 0.38.9 not 0.33.3 >>> - LICENSE/NOTICE are not correct in azure-bundle: >>> * shaded azure-core-http-netty version is 1.15.13 not 1.15.7 >>> * shaded azure-identity version is 1.16.2 not 1.15.0 >>> * shaded azure-json version is 1.5.0 not 1.3.0 >>> * shaded azure-storage-blob version is 12.31.1 not 12.29.0 >>> * shaded azure-storage-common version is 12.30.1 not 12.28.0 >>> * shaded azure-storage-file-datalake version is 12.24.1 not 12.22.0 >>> * shaded azure-storage-internal-avro version is 12.16.1 not 12.14.0 >>> * shaded jackson version is 2.18.4 not 2.17.2 >>> * shaded netty version is 4.1.118.Final not 4.1.115.Final >>> * shaded asm version is 9.7.1 not 9.6 >>> - LICENSE/NOTICE are not correct in gcp-bundle >>> * shaded com.google.api:api-common version is 2.52.0 not 2.46.1 >>> * shaded gax version is 2.69.0 not 2.63.1 >>> * shaded google API grpc version is 2.55.0 not 2.50.0 >>> * shaded google auth version is 1.37.1 not 1.33.1 >>> * shaded google-cloud version is 2.59.0 not 2.53.1 >>> * shaded google-cloud-monitoring version is 3.73.0 not 3.63.0 >>> * shaded error_prone version is 2.38.0 not 2.36.0 >>> * shaded google-http-client version is 1.47.1 not 1.46.3 >>> * shaded google-oauth-client version is 1.39.0 not 1.37.0 >>> * shaded grpc version is 1.71.0 not 1.70.0 >>> * escapevelocity, incapture, asm are not shaded anymore >>> - LICENSE/NOTICE are not correct in the kafka-connect-runtime (not >>> really a problem as we don't distribute this artifact): the versions >>> in LICENSE don't match the versions of the artifacts in the lib folder >>> (azure-core, etc) >>> >>> I will create a PR to fix that (quickly/short term) and also another >>> PR to remove the versions from the bundle artifacts (as we do in >>> spark-runtime and flink-runtime). >>> >>> Regards >>> JB >>> >>> JB >>> >>> On Wed, Sep 3, 2025 at 5:42 PM Steven Wu <stevenz...@gmail.com> wrote: >>> > >>> > Hi Everyone, >>> > >>> > I propose that we release the following RC as the official Apache >>> Iceberg 1.10.0 release. >>> > >>> > The commit ID is 12ab7fc3d6d53534da02decdab99133853b36dfd >>> > * This corresponds to the tag: apache-iceberg-1.10.0-rc4 >>> > * https://github.com/apache/iceberg/commits/apache-iceberg-1.10.0-rc4 >>> > * >>> https://github.com/apache/iceberg/tree/12ab7fc3d6d53534da02decdab99133853b36dfd >>> > >>> > The release tarball, signature, and checksums are here: >>> > * >>> https://dist.apache.org/repos/dist/dev/iceberg/apache-iceberg-1.10.0-rc4 >>> > >>> > You can find the KEYS file here: >>> > * https://downloads.apache.org/iceberg/KEYS >>> > >>> > Convenience binary artifacts are staged on Nexus. The Maven repository >>> URL is: >>> > * >>> https://repository.apache.org/content/repositories/orgapacheiceberg-1268/ >>> > >>> > Please download, verify, and test. >>> > >>> > Instructions for verifying a release can be found here: >>> > * https://iceberg.apache.org/how-to-release/#how-to-verify-a-release >>> > >>> > Please vote in the next 72 hours. >>> > >>> > [ ] +1 Release this as Apache Iceberg 1.10.0 >>> > [ ] +0 >>> > [ ] -1 Do not release this because... >>> > >>> > Only PMC members have binding votes, but other community members are >>> encouraged to cast >>> > non-binding votes. This vote will pass if there are 3 binding +1 votes >>> and more binding >>> > +1 votes than -1 votes. >>> >>
