Hi Dongjoon, Thanks for the vote!
"polaris-1.0.0-incubating.tgz" comes with the checksum and signature. They are located in the file "polaris-1.0.0-incubating.tgz.prov". You can check them with a command like `cat polaris-1.0.0-incubating.tgz.prov`. It is the way Helm Chart delivers its binary package. And you can use a command like `helm verify polaris-1.0.0-incubating.tgz` to verify its signature and checksum. The .asc file and .sha512 duplicate what's inside *.prov, however, I can see that people may find it convenient if they are not familiar with the Helm tools. We can easily add them if that's something we do care about. WDYT? Yufei On Thu, Jul 3, 2025 at 2:33 PM Dongjoon Hyun <dongj...@apache.org> wrote: > +1 (non-binding) > > Thank you, Yufei. > > I also checked the checksum and signatures of artifacts, and built and > tested from the source. Helm chart installation also works with "--set > image.tag=latest". > > Just a question, is it okay `polaris-1.0.0-incubating.tgz` has no > checksum/signiture? > > $ tree helm-chart > helm-chart > ├── 1.0.0-incubating > │ ├── polaris-1.0.0-incubating.tgz > │ └── polaris-1.0.0-incubating.tgz.prov > └── index.yaml > > Since the artifacts will be distributed in ASF channel, can we add > `polaris-1.0.0-incubating.tgz.asc` and > `polaris-1.0.0-incubating.tgz.sha512` additionally like Apache Airflow > project? > > https://dist.apache.org/repos/dist/release/airflow/helm-chart/1.17.0/ > > airflow-1.17.0.tgz > airflow-1.17.0.tgz.asc > airflow-1.17.0.tgz.prov > airflow-1.17.0.tgz.sha512 > > Thanks, > Dongjoon. > > On 2025/07/03 13:23:26 William Hyun wrote: > > +1 (non-binding) > > > > I verified the following: > > - Source tarball (shasum and GPG signature) > > - Build and test > > - Verified server binary distribution > > > > Bests, > > William > > > > On Thu, Jul 3, 2025 at 4:13 AM Alex Dutra <alex.du...@dremio.com.invalid > > > > wrote: > > > > > +1 (non-binding) > > > > > > Checked: > > > > > > * Checksums & signatures > > > * Source release builds, passes tests, and has no binary files > > > * Binary release: server & admin tool both work > > > * Helm chart: helm verify, lint, pull & install work (the Docker image > must > > > be manually built) > > > > > > Thanks, > > > Alex > > > > > > On Thu, Jul 3, 2025 at 5:47 AM Jean-Baptiste Onofré <j...@nanthrax.net> > > > wrote: > > > > > > > +1 (binding) > > > > > > > > I checked: > > > > - Source distribution > > > > -- incubating is in the version > > > > -- signature and checksum are good > > > > -- DISCLAIMER is present > > > > -- LICENSE and NOTICE are good (personally, I think NOTICE should not > > > > mention Nessie as it's just the copyright and already in the LICENSE, > > > > but one IPMC asked that during 0.9.0 release vote) > > > > -- No binary file found in the source distribution > > > > -- Headers look correct (NB: the files without header are coming from > > > > other projects as mentioned in the LICENSE file and the original file > > > > doesn't contain a header, like Docsy or Mustache templates). Nit: the > > > > svg file (from the project) could contain ASF header. > > > > -- Build works from source distribution > > > > - Binary distribution > > > > -- incubating is in the version > > > > -- signature and checksum are good > > > > -- DISCLAIMER is present > > > > -- LICENSE and NOTICE look good > > > > -- Can start Polaris server from the binary distribution > > > > - Helm Chart Package > > > > -- incubating is in the version > > > > -- DISCLAIMER is present > > > > -- LICENSE and NOTICE are good > > > > -- Signature and checksum are good in prov file > > > > -- Header are ok as it's a helm chart "package" (not source > distribution) > > > > - Bundle jar files (Spark plugin) > > > > -- incubating is in the name > > > > -- signature and checksum are good on the staging Maven repository > > > > -- LICENSE and NOTICE look good (documented all bundled artifacts in > > > > the Spark plugin) > > > > > > > > Regards > > > > JB > > > > > > > > On Wed, Jul 2, 2025 at 8:55 PM Yufei Gu <flyrain...@gmail.com> > wrote: > > > > > > > > > > Hi everyone, > > > > > > > > > > I propose that we release the following RC as the official Apache > > > Polaris > > > > > 1.0.0-incubating release. > > > > > > > > > > This corresponds to the tag: apache-polaris-1.0.0-incubating-rc6 > > > > > * > > > > > > > > > > > > > https://github.com/apache/polaris/commits/apache-polaris-1.0.0-incubating-rc6 > > > > > * > > > > > > > > > > > > > https://github.com/apache/polaris/tree/a701f105c5d44565ac0ea86db45edbcebdbed718 > > > > > NB: it's exactly the same as RC5 except for this commit: > > > > > > > > > > > > > https://github.com/apache/polaris/commit/a701f105c5d44565ac0ea86db45edbcebdbed718 > > > > > > > > > > The release tarball, signature, and checksums are here, including > both > > > > > source code and binary distributions: > > > > > * > > > > > > > > > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-1.0.0-incubating/ > > > > > > > > > > > > > > > A binary package for Helm chart: > > > > > > > > > > * > > > > > > > > > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/helm-chart/1.0.0-incubating/ > > > > > NB: File > > > > > > > > > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/helm-chart/1.0.0-incubating/polaris-1.0.0-incubating.tgz.prov > > > > > contains > > > > > both signature and checksum for the package. Please verify it with > the > > > > > command `helm verify`. > > > > > The docker images (polaris-server and polaris-admin) will be > published > > > on > > > > > DockerHub once the release vote passes. > > > > > > > > > > You can find the KEYS file here: > > > > > * https://downloads.apache.org/incubator/polaris/KEYS > > > > > > > > > > Convenience binary artifacts are staged on Nexus. The Maven > repository > > > > URL > > > > > is: > > > > > * > > > > > > > > https://repository.apache.org/content/repositories/orgapachepolaris-1027/ > > > > > > > > > > Please download, verify, and test. > > > > > > > > > > Please vote in the next 72 hours. > > > > > > > > > > [ ] +1 Release this as Apache polaris 1.0.0-incubating > > > > > [ ] +0 > > > > > [ ] -1 Do not release this because... > > > > > > > > > > Only PPMC members and mentors have binding votes, but other > community > > > > > members are > > > > > encouraged to cast non-binding votes. This vote will pass if there > are > > > 3 > > > > > binding +1 votes and more binding +1 votes than -1 votes. > > > > > > > > > > NB: if this vote passes, a new vote has to be started on the > Incubator > > > > > general mailing list. > > > > > > > > > > Yufei > > > > > > > > > >
