-1 (binding) Indeed, many (all?) .asc files appear to be full signed archives (large files), not detached signatures.
For example: $ file polaris-quarkus-server-0.10.0-beta-incubating.tgz.asc polaris-quarkus-server-0.10.0-beta-incubating.tgz.asc: PGP signed message $ du -sm polaris-quarkus-server-0.10.0-beta-incubating.tgz.asc 179 polaris-quarkus-server-0.10.0-beta-incubating.tgz.asc Cheers, Dmitri. On Fri, May 23, 2025 at 6:27 PM Russell Spitzer <russell.spit...@gmail.com> wrote: > +1 (Binding) > > Checked all the normal things > 1. Build / Test > 2. Checksums > 3. Smoke tested Server and Admin jars > 4. GPG Signatures (Issues below) > > Only did a quick pass on Helm Licenses/Notice and Friends but all look good > to me now. > > I do have one question because I seem to be having issues (if this isn't > the case I may have to be -1). I seem to have > problems checking the GPG signatures. > > The source gives me a valid signing > > All the other distribution files give me "Not a detached signature". > > ➜ 10.0-rc4 gpg --verify > polaris-quarkus-admin-0.10.0-beta-incubating.tgz.asc > gpg: Signature made Fri May 23 00:43:25 2025 CDT > gpg: using RSA key 1AA8CF92D409A73393D0B736BFF2EE42C8282E76 > gpg: Good signature from "Jean-Baptiste Onofré <jbono...@apache.org>" > [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 1AA8 CF92 D409 A733 93D0 B736 BFF2 EE42 C828 2E76 > *gpg: WARNING: not a detached signature; file > 'polaris-quarkus-admin-0.10.0-beta-incubating.tgz' was NOT verified!* > > On Fri, May 23, 2025 at 10:25 AM Jean-Baptiste Onofré <j...@nanthrax.net> > wrote: > > > Hi everyone > > > > I propose that we release the following RC (RC4) as the official > > Apache Polaris 0.10.0-beta-incubating release. Compared to RC3, RC4 fixes > > the LICENSE/NOTICE in the Heml chart. > > > > * This corresponds to the tag: apache-polaris-0.10.0-beta-incubating-rc4 > > * > > > > > https://github.com/apache/polaris/commits/apache-polaris-0.10.0-beta-incubating-rc4 > > * > > > > > https://github.com/apache/polaris/tree/52e30f0378d6092880918b15a34a6c6b4d51c1f8 > > > > The release source distribution tarball, signature, and checksum are > > staged here: > > * tgz: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-0.10.0-beta-incubating/apache-polaris-0.10.0-beta-incubating.tar.gz > > * sha512: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-0.10.0-beta-incubating/apache-polaris-0.10.0-beta-incubating.tar.gz.sha512 > > * gpg: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-0.10.0-beta-incubating/apache-polaris-0.10.0-beta-incubating.tar.gz.asc > > > > You can find the KEYS file here: > > * https://downloads.apache.org/incubator/polaris/KEYS > > > > For convenience, the following binary artifacts are available: > > * Staging Maven repository > > ** > > > https://repository.apache.org/content/repositories/orgapachepolaris-1019/ > > NB: there's no uber/shade jar on the Staging Maven repository. > > * Staging binary distributions (server and admin tool) tarball, > > signature, and checksum: > > ** Server: > > *** tgz: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-0.10.0-beta-incubating/polaris-quarkus-server-0.10.0-beta-incubating.tgz > > *** tgz sha512: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-0.10.0-beta-incubating/polaris-quarkus-server-0.10.0-beta-incubating.tgz.sha512 > > *** tgz gpg: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-0.10.0-beta-incubating/polaris-quarkus-server-0.10.0-beta-incubating.tgz.asc > > *** zip: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-0.10.0-beta-incubating/polaris-quarkus-server-0.10.0-beta-incubating.zip > > *** zip sha512: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-0.10.0-beta-incubating/polaris-quarkus-server-0.10.0-beta-incubating.zip.sha512 > > *** zip gpg: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-0.10.0-beta-incubating/polaris-quarkus-server-0.10.0-beta-incubating.zip.asc > > ** Admin Tool: > > *** tgz: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-0.10.0-beta-incubating/polaris-quarkus-admin-0.10.0-beta-incubating.tgz > > *** tgz sha512: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-0.10.0-beta-incubating/polaris-quarkus-admin-0.10.0-beta-incubating.tgz.sha512 > > *** tgz gpg: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-0.10.0-beta-incubating/polaris-quarkus-admin-0.10.0-beta-incubating.tgz.asc > > *** zip: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-0.10.0-beta-incubating/polaris-quarkus-admin-0.10.0-beta-incubating.zip > > *** zip sha512: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-0.10.0-beta-incubating/polaris-quarkus-admin-0.10.0-beta-incubating.zip.sha512 > > *** zip gpg: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-0.10.0-beta-incubating/polaris-quarkus-admin-0.10.0-beta-incubating.zip.asc > > * Staging Docker images: > > ** Server: > > > > > https://hub.docker.com/layers/apache/polaris/0.10.0-beta-incubating-rc4/images/sha256-6364581b39ccd1d1684044f03aebd9c3d37afbc45f9b00e610b1c2553c701b69 > > * Helm charts: > > ** tgz: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/helm-chart/apache-polaris-helm-chart-0.10.0-beta-incubating.tar.gz > > ** tgz sha512: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/helm-chart/apache-polaris-helm-chart-0.10.0-beta-incubating.tar.gz.sha512 > > ** tgz gpg: > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/helm-chart/apache-polaris-helm-chart-0.10.0-beta-incubating.tar.gz.asc > > > > Please download, verify, and test. > > > > Please vote in the next 72 hours. > > > > [ ] +1 Release this as Apache polaris 0.10.0-beta-incubating > > [ ] +0 > > [ ] -1 Do not release this because... > > > > Only PPMC members and mentors have binding votes, but other community > > members are > > encouraged to cast non-binding votes. This vote will pass if there are > > 3 binding +1 votes and more binding +1 votes than -1 votes. > > > > NB: if this vote passes, a new vote has to be started on the Incubator > > general mailing > > list. > > > > Thanks > > Regards > > > > JB > > >