thanks. will kick off a new build. Did anyone else see problems with the gpg versions?
I destroyed the entire .gpgconf dir on the host i was building on; did manual verify after importing KEYS, and all seemed good. On Thu, 20 Mar 2025 at 04:37, Chris Nauroth <[email protected]> wrote: > This is committed to trunk and branch-1.4.0 now, ready for another RC. > Thanks to Aayush for the code review. > > Chris Nauroth > > > On Wed, Mar 19, 2025 at 1:51 PM Chris Nauroth <[email protected]> wrote: > > > -1 > > > > Signatures look good, but I found a few spots that need an update for the > > new protobuf version: > > > > https://issues.apache.org/jira/browse/HADOOP-19510 > > > > https://github.com/apache/hadoop-thirdparty/pull/44 > > > > Chris Nauroth > > > > > > On Tue, Mar 18, 2025 at 8:47 AM Wei-Chiu Chuang <[email protected]> > > wrote: > > > >> I just did > >> gpg --verify <artifact>.tar.gz.asc <artifact>.tar.gz > >> > >> Ok after importing hadoop KEYS > >> <https://downloads.apache.org/hadoop/common/KEYS>, this is the output > >> which > >> looks good to me: > >> > >> gpg: Signature made Fri Mar 14 08:56:01 2025 PDT > >> gpg: using RSA key > 38237EE425050285077DB57AD22CF846DBB162A0 > >> gpg: Good signature from "Steve Loughran (ASF code sign key - 2018) < > >> [email protected]>" [unknown] > >> gpg: aka "[jpeg image of size 8070]" [unknown] > >> gpg: aka "Steve Loughran <[email protected]>" > [unknown] > >> gpg: aka "Steve Loughran <[email protected]>" > >> [unknown] > >> gpg: aka "Steve Loughran <[email protected]>" > >> [unknown] > >> gpg: WARNING: This key is not certified with a trusted signature! > >> gpg: There is no indication that the signature belongs to the > >> owner. > >> Primary key fingerprint: 3823 7EE4 2505 0285 077D B57A D22C F846 DBB1 > >> 62A0 > >> > >> Sorry. False alarm! > >> > >> On Mon, Mar 17, 2025 at 12:31 PM Steve Loughran > >> <[email protected]> > >> wrote: > >> > >> > can you give me what command you ran to check the signature, and see > if > >> you > >> > can update all your keys from the central servers? > >> > > >> > My key thinks it is not expired, so maybe its the KEYS file i need to > >> > update or you need to refresh your keys. I will have a look at the > keys > >> > file tomorrow > >> > > >> > On Fri, 14 Mar 2025 at 21:46, Wei-Chiu Chuang <[email protected]> > >> wrote: > >> > > >> > > Looks like your GPG key expired? > >> > > > >> > > gpg: Signature made Fri Mar 14 08:56:00 2025 PDT > >> > > gpg: using RSA key > >> > 38237EE425050285077DB57AD22CF846DBB162A0 > >> > > gpg: Good signature from "Steve Loughran (ASF code sign key - > 2018) < > >> > > [email protected]>" [expired] > >> > > gpg: aka "[jpeg image of size 8070]" [expired] > >> > > gpg: Note: This key has expired! > >> > > Primary key fingerprint: 3823 7EE4 2505 0285 077D B57A D22C F846 > DBB1 > >> > 62A0 > >> > > > >> > > On Fri, Mar 14, 2025 at 11:23 AM Steve Loughran > >> > > <[email protected]> > >> > > wrote: > >> > > > >> > > > I have built a release candidate (RC0) for Hadoop-Thirdparty > 1.4.0. > >> > > > > >> > > > The RC is available at: > >> > > > > >> > > > >> > > >> > https://dist.apache.org/repos/dist/dev/hadoop/hadoop-thirdparty-1.4.0-RC0/ > >> > > > > >> > > > The git tag is release-1.4.0-RC0, > >> > > > and commit 5595f1357eaad02e1cfb660bcce7fd34515197ff > >> > > > > >> > > > The maven artifacts are staged at > >> > > > > >> > > https://repository.apache.org/content/repositories/orgapachehadoop-1433 > >> > > > > >> > > > Please try the release and vote. The vote will run for 5 days. > >> > > > > >> > > > I will vote once I've done more of the testing myself > >> > > > > >> > > > steve > >> > > > > >> > > > >> > > >> > > >
