[
https://issues.apache.org/jira/browse/SPARK-50816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dongjoon Hyun updated SPARK-50816:
----------------------------------
Attachment: Screenshot 2025-01-15 at 12.00.58.png
> 3.5.4 Spark Apache release is not verifiable
> --------------------------------------------
>
> Key: SPARK-50816
> URL: https://issues.apache.org/jira/browse/SPARK-50816
> Project: Spark
> Issue Type: Bug
> Components: Project Infra
> Affects Versions: 3.5.4
> Reporter: Vlad Rozov
> Assignee: Dongjoon Hyun
> Priority: Blocker
> Fix For: 3.5.4
>
> Attachments: Screenshot 2025-01-15 at 12.00.58.png
>
>
> The [KEYS|https://downloads.apache.org/spark/KEYS] were not updated with the
> [KEYS|https://dist.apache.org/repos/dist/dev/spark/KEYS] used to sign 3.5.4
> release artifacts, making 3.5.4 release not verifiable:
> {code:bash}
> gpg --dearmor KEYS.txt
> gpg --dearmor spark-3.5.4.tgz.asc
> gpg --dry-run --no-default-keyring --keyring KEYS.txt.gpg --homedir ./
> --verify ./spark-3.5.4.tgz.asc.gpg ./spark-3.5.4.tgz
> gpg: Signature made Mon Dec 16 20:15:35 2024 PST
> gpg: using RSA key 19F745C40A0E550420BB2C522541488DA93FE4B4
> gpg: Can't check signature: No public key
> {code}
> See: https://lists.apache.org/thread/4p5sdvhcyyx6zfn9tofokzv7h15zj26y
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
