Re: [VOTE] Release Apache Hadoop Thirdparty 1.4.0

Wei-Chiu Chuang Tue, 18 Mar 2025 08:48:25 -0700

I just did
gpg --verify <artifact>.tar.gz.asc <artifact>.tar.gz

Ok after importing hadoop KEYS
<https://downloads.apache.org/hadoop/common/KEYS>, this is the output which
looks good to me:

gpg: Signature made Fri Mar 14 08:56:01 2025 PDT
gpg:                using RSA key 38237EE425050285077DB57AD22CF846DBB162A0
gpg: Good signature from "Steve Loughran (ASF code sign key  - 2018) <
ste...@apache.org>" [unknown]
gpg:                 aka "[jpeg image of size 8070]" [unknown]
gpg:                 aka "Steve Loughran <ste...@cloudera.com>" [unknown]
gpg:                 aka "Steve Loughran <steve.lough...@gmail.com>"
[unknown]
gpg:                 aka "Steve Loughran <ste...@hortonworks.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 3823 7EE4 2505 0285 077D  B57A D22C F846 DBB1 62A0

Sorry. False alarm!

On Mon, Mar 17, 2025 at 12:31 PM Steve Loughran <ste...@cloudera.com.invalid>
wrote:

> can you give me what command you ran to check the signature, and see if you
> can update all your keys from the central servers?
>
> My key thinks it is not expired, so maybe its the KEYS file i need to
> update or you need to refresh your keys. I will have a look at the keys
> file tomorrow
>
> On Fri, 14 Mar 2025 at 21:46, Wei-Chiu Chuang <weic...@apache.org> wrote:
>
> > Looks like your GPG key expired?
> >
> > gpg: Signature made Fri Mar 14 08:56:00 2025 PDT
> > gpg:                using RSA key
> 38237EE425050285077DB57AD22CF846DBB162A0
> > gpg: Good signature from "Steve Loughran (ASF code sign key  - 2018) <
> > ste...@apache.org>" [expired]
> > gpg:                 aka "[jpeg image of size 8070]" [expired]
> > gpg: Note: This key has expired!
> > Primary key fingerprint: 3823 7EE4 2505 0285 077D  B57A D22C F846 DBB1
> 62A0
> >
> > On Fri, Mar 14, 2025 at 11:23 AM Steve Loughran
> > <ste...@cloudera.com.invalid>
> > wrote:
> >
> > > I have built a release candidate (RC0) for Hadoop-Thirdparty 1.4.0.
> > >
> > > The RC is available at:
> > >
> >
> https://dist.apache.org/repos/dist/dev/hadoop/hadoop-thirdparty-1.4.0-RC0/
> > >
> > > The git tag is release-1.4.0-RC0,
> > > and commit 5595f1357eaad02e1cfb660bcce7fd34515197ff
> > >
> > > The maven artifacts are staged at
> > >
> https://repository.apache.org/content/repositories/orgapachehadoop-1433
> > >
> > > Please try the release and vote. The vote will run for 5 days.
> > >
> > > I will vote once I've done more of the testing myself
> > >
> > > steve
> > >
> >
>

Re: [VOTE] Release Apache Hadoop Thirdparty 1.4.0

Reply via email to