thanks. will kick off a new build. Did anyone else see problems with the gpg versions?
I destroyed the entire .gpgconf dir on the host i was building on; did manual verify after importing KEYS, and all seemed good. On Thu, 20 Mar 2025 at 04:37, Chris Nauroth <cnaur...@gmail.com> wrote: > This is committed to trunk and branch-1.4.0 now, ready for another RC. > Thanks to Aayush for the code review. > > Chris Nauroth > > > On Wed, Mar 19, 2025 at 1:51 PM Chris Nauroth <cnaur...@gmail.com> wrote: > > > -1 > > > > Signatures look good, but I found a few spots that need an update for the > > new protobuf version: > > > > https://issues.apache.org/jira/browse/HADOOP-19510 > > > > https://github.com/apache/hadoop-thirdparty/pull/44 > > > > Chris Nauroth > > > > > > On Tue, Mar 18, 2025 at 8:47 AM Wei-Chiu Chuang <weic...@apache.org> > > wrote: > > > >> I just did > >> gpg --verify <artifact>.tar.gz.asc <artifact>.tar.gz > >> > >> Ok after importing hadoop KEYS > >> <https://downloads.apache.org/hadoop/common/KEYS>, this is the output > >> which > >> looks good to me: > >> > >> gpg: Signature made Fri Mar 14 08:56:01 2025 PDT > >> gpg: using RSA key > 38237EE425050285077DB57AD22CF846DBB162A0 > >> gpg: Good signature from "Steve Loughran (ASF code sign key - 2018) < > >> ste...@apache.org>" [unknown] > >> gpg: aka "[jpeg image of size 8070]" [unknown] > >> gpg: aka "Steve Loughran <ste...@cloudera.com>" > [unknown] > >> gpg: aka "Steve Loughran <steve.lough...@gmail.com>" > >> [unknown] > >> gpg: aka "Steve Loughran <ste...@hortonworks.com>" > >> [unknown] > >> gpg: WARNING: This key is not certified with a trusted signature! > >> gpg: There is no indication that the signature belongs to the > >> owner. > >> Primary key fingerprint: 3823 7EE4 2505 0285 077D B57A D22C F846 DBB1 > >> 62A0 > >> > >> Sorry. False alarm! > >> > >> On Mon, Mar 17, 2025 at 12:31 PM Steve Loughran > >> <ste...@cloudera.com.invalid> > >> wrote: > >> > >> > can you give me what command you ran to check the signature, and see > if > >> you > >> > can update all your keys from the central servers? > >> > > >> > My key thinks it is not expired, so maybe its the KEYS file i need to > >> > update or you need to refresh your keys. I will have a look at the > keys > >> > file tomorrow > >> > > >> > On Fri, 14 Mar 2025 at 21:46, Wei-Chiu Chuang <weic...@apache.org> > >> wrote: > >> > > >> > > Looks like your GPG key expired? > >> > > > >> > > gpg: Signature made Fri Mar 14 08:56:00 2025 PDT > >> > > gpg: using RSA key > >> > 38237EE425050285077DB57AD22CF846DBB162A0 > >> > > gpg: Good signature from "Steve Loughran (ASF code sign key - > 2018) < > >> > > ste...@apache.org>" [expired] > >> > > gpg: aka "[jpeg image of size 8070]" [expired] > >> > > gpg: Note: This key has expired! > >> > > Primary key fingerprint: 3823 7EE4 2505 0285 077D B57A D22C F846 > DBB1 > >> > 62A0 > >> > > > >> > > On Fri, Mar 14, 2025 at 11:23 AM Steve Loughran > >> > > <ste...@cloudera.com.invalid> > >> > > wrote: > >> > > > >> > > > I have built a release candidate (RC0) for Hadoop-Thirdparty > 1.4.0. > >> > > > > >> > > > The RC is available at: > >> > > > > >> > > > >> > > >> > https://dist.apache.org/repos/dist/dev/hadoop/hadoop-thirdparty-1.4.0-RC0/ > >> > > > > >> > > > The git tag is release-1.4.0-RC0, > >> > > > and commit 5595f1357eaad02e1cfb660bcce7fd34515197ff > >> > > > > >> > > > The maven artifacts are staged at > >> > > > > >> > > https://repository.apache.org/content/repositories/orgapachehadoop-1433 > >> > > > > >> > > > Please try the release and vote. The vote will run for 5 days. > >> > > > > >> > > > I will vote once I've done more of the testing myself > >> > > > > >> > > > steve > >> > > > > >> > > > >> > > >> > > >
