Vlad Rozov created SPARK-50816:
----------------------------------
Summary: 3.5.4 Spark Apache release is not verifiable
Key: SPARK-50816
URL: https://issues.apache.org/jira/browse/SPARK-50816
Project: Spark
Issue Type: Bug
Components: Project Infra
Affects Versions: 3.5.4
Reporter: Vlad Rozov
The [KEYS|https://downloads.apache.org/spark/KEYS] were not updated with the
[KEYS|https://dist.apache.org/repos/dist/dev/spark/KEYS] used to sign 3.5.4
release artifacts, making 3.5.4 release not verifiable:
{code:bash}
gpg --dearmor KEYS.txt
gpg --dearmor spark-3.5.4.tgz.asc
gpg --dry-run --no-default-keyring --keyring KEYS.txt.gpg --homedir ./
--verify ./spark-3.5.4.tgz.asc.gpg ./spark-3.5.4.tgz
gpg: Signature made Mon Dec 16 20:15:35 2024 PST
gpg: using RSA key 19F745C40A0E550420BB2C522541488DA93FE4B4
gpg: Can't check signature: No public key
{code}
See: https://lists.apache.org/thread/4p5sdvhcyyx6zfn9tofokzv7h15zj26y
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
