Re: [VOTE] Release DataFusion Python Bindings 37.1.0 RC1

[Andrew Lamb]

+1 (binding)

Thank you Andy and Michael Ward (and everyone else who contrubuted)

I verified on a mac m3 by using the verify script in the repo
~/Software/datafusion-python$ ./dev/release/verify-release-candidate.sh
37.1.0 1

Note that the verification script that was in the tarball did not work for
me (as it refers still to apache-arrow-datafusion-python):

```
(venv) 
andrewlamb@Andrews-MacBook-Pro:~/Downloads/apache-datafusion-python-37.1.0$
./dev/release/verify-release-candidate.sh 37.1.0 1
...
+ download_dist_file
apache-arrow-datafusion-python-37.1.0-rc1/apache-arrow-datafusion-python-37.1.0.tar.gz
+ curl --silent --show-error --fail --location --remote-name
https://dist.apache.org/repos/dist/dev/arrow/apache-arrow-datafusion-python-37.1.0-rc1/apache-arrow-datafusion-python-37.1.0.tar.gz
curl: (22) The requested URL returned error: 404
+ cleanup
+ '[' no = yes ']'
+ echo 'Failed to verify release candidate. See
/var/folders/1l/tg68jc6550gg8xqf1hr4mlwrgn/T/arrow-37.1.0.X.59DJRHMkWV
for details.'
Failed to verify release candidate. See
/var/folders/1l/tg68jc6550gg8xqf1hr4mlwrgn/T/arrow-37.1.0.X.59DJRHMkWV
for details.
```

On Thu, May 9, 2024 at 1:22 PM Andy Grove 
wrote:

> Hi,
>
> I would like to propose a release of the Apache DataFusion Python
> Bindings, version 37.1.0.
>
> Many thanks to Michael Ward for actually preparing this release.
>
> This release candidate is based on commit:
> 7f276516a644cde908cf74795251746d482d1829 [1]
> The proposed release tarball and signatures are hosted at [2].
> The changelog is located at [3].
> The Python wheels are located at [4].
>
> Please download, verify checksums and signatures, run the unit tests, and
> vote
> on the release. The vote will be open for at least 72 hours.
>
> Only votes from PMC members are binding, but all members of the community
> are
> encouraged to test the release and vote with "(non-binding)".
>
> The standard verification procedure is documented at
> https://github.com/apache/datafusion-python/blob/main/dev/release/README.md#verifying-release-candidates
> .
>
> [ ] +1 Release this as Apache DataFusion Python 37.1.0
> [ ] +0
> [ ] -1 Do not release this as Apache DataFusion Python 37.1.0 because...
>
> Here is my vote:
>
> +1
>
> [1]:
> https://github.com/apache/datafusion-python/tree/7f276516a644cde908cf74795251746d482d1829
> [2]:
> https://dist.apache.org/repos/dist/dev/datafusion/apache-datafusion-python-37.1.0-rc1
> [3]:
> https://github.com/apache/datafusion-python/blob/7f276516a644cde908cf74795251746d482d1829/CHANGELOG.md
> [4]: https://test.pypi.org/project/datafusion/37.1.0/
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org
> For additional commands, e-mail: dev-h...@datafusion.apache.org
>
>

[ANNOUNCE] New DataFusion Committer: Jonah Gao

[Andrew Lamb]

On behalf of the Arrow PMC, I'm happy to announce that Jonah Gao
has accepted an invitation to become a committer on Apache
DataFusion. Welcome, and thank you for your contributions!

Andrew

[ANNOUNCE] New DataFusion PMC: Oleks V. (comphead)

[Andrew Lamb]

On behalf of the DataFusion PMC, I'm happy to announce that Oleks V.
(comphead)
has accepted an invitation to join the PMC of Apache
DataFusion. Welcome, and thank you for your contributions!

Andrew

Re: [VOTE] Release Apache DataFusion 38.0.0 RC1

[Andy Grove]

We need one more binding +1 vote for this release vote to pass.

Thanks,

Andy.

> On May 7, 2024, at 6:47 PM, Phillip LeBlanc  wrote:
> 
> +1 (non-binding)
> 
> I verified RC1 on my M1 Mac. Thanks!
> 
> Phillip
> 
> From: Andy Grove 
> Date: Wednesday, May 8, 2024 at 5:37 AM
> To: dev@datafusion.apache.org 
> Subject: Re: [VOTE] Release Apache DataFusion 38.0.0 RC1
> I created a PR to remove the docs.tgz file. I am not sure how that got there.
> 
> https://github.com/apache/datafusion/pull/10416
> 
> I think the untrusted key warning has always been there for more but is more 
> noticeable here due to the smaller number of keys. I think I need to organize 
> a key-signing party to become part of the web of trust.
> 
> Andy.
> 
> 
>> On May 7, 2024, at 10:38 AM, Andrew Lamb  wrote:
>> 
>> +1 (binding) -- thank you Andy!
>> 
>> I verified on mac M3.
>> 
>> One thing I noticed is that the archive[1] is 46 MB compared to previous
>> releases that were more like 6MB 37.1.0 [2]
>> 
>> $ du -s -h apache-*.tar.gz
>> 6.0M apache-arrow-datafusion-37.1.0.tar.gz
>> 46M apache-datafusion-38.0.0.tar.gz
>> 
>> Most of this difference appears to be a doc archive, which appear to be
>> added in [3]
>> $ du -s -h apache-datafusion-38.0.0/docs/docs.tgz
>> 40M apache-datafusion-38.0.0/docs/docs.tgz
>> 
>> Also, possibly interesting is that despite importing the KEYs file I get an
>> error about non trusted keys:
>> 
>> andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$  gpg --import KEYS
>> gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
>> gpg: Note: Outdated servers may lack important security fixes.
>> gpg: Note: Use the command "gpgconf --kill all" to restart them.
>> gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
>> gpg: (use option "--allow-weak-key-signatures" to override)
>> gpg: key F105883A1735623D: 1 bad signature
>> gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
>> gpg: Note: Outdated servers may lack important security fixes.
>> gpg: Note: Use the command "gpgconf --kill all" to restart them.
>> gpg: key F105883A1735623D: "William Wesley McKinney (CODE SIGNING KEY) <
>> w...@apache.org>" not changed
>> gpg: key 45127976E1E825D4: "Andrew A Lamb (https://github.com/alamb) <
>> and...@nerdnetworks.org>" not changed
>> gpg: key CA1AB41406F9DBAD: "Qingping Hou (CODE SIGNING KEY) <
>> ho...@apache.org>" not changed
>> gpg: key 0B8A854E87467E2C: "Andy Grove " not changed
>> gpg: Total number processed: 4
>> gpg:  unchanged: 4
>> andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$ gpg --verify
>> apache-datafusion-38.0.0.tar.gz.asc
>> gpg: assuming signed data in 'apache-datafusion-38.0.0.tar.gz'
>> gpg: Signature made Tue May  7 11:21:15 2024 EDT
>> gpg:using RSA key B6550C65A4B9EE9F26111DB40B8A854E87467E2C
>> gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
>> gpg: Note: Outdated servers may lack important security fixes.
>> gpg: Note: Use the command "gpgconf --kill all" to restart them.
>> gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
>> gpg: Note: Outdated servers may lack important security fixes.
>> gpg: Note: Use the command "gpgconf --kill all" to restart them.
>> gpg: Good signature from "Andy Grove " [unknown]
>> gpg: WARNING: This key is not certified with a trusted signature!
>> gpg:  There is no indication that the signature belongs to the
>> owner.
>> Primary key fingerprint: B655 0C65 A4B9 EE9F 2611  1DB4 0B8A 854E 8746 7E2C
>> andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$
>> 
>> 
>> [1]
>> https://dist.apache.org/repos/dist/dev/datafusion/apache-datafusion-38.0.0-rc1/apache-datafusion-38.0.0.tar.gz
>> [2]
>> https://dist.apache.org/repos/dist/release/arrow/arrow-datafusion-37.1.0/apache-arrow-datafusion-37.1.0.tar.gz
>> [3]
>> https://github.com/apache/datafusion/pull/10407#pullrequestreview-2043665752
>> 
>> On Tue, May 7, 2024 at 11:30 AM Andy Grove 
>> wrote:
>> 
>>> Hi,
>>> 
>>> I would like to propose a release of Apache DataFusion version 38.0.0.
>>> 
>>> This release candidate is based on commit:
>>> cafbc9ddceb5af8c6408d0c8bbfed7568f655ddb [1]
>>> The proposed release tarball and signatures are hosted at [2].
>>> The changelog is located at [3].
>>> 
>>> Please download, verify checksums and signatures, run the unit tests, and
>>> vote
>>> on the release. The vote will be open for at least 72 hours.
>>> 
>>> Only votes from PMC members are binding, but all members of the community
>>> are
>>> encouraged to test the release and vote with "(non-binding)".
>>> 
>>> The standard verification procedure is documented at
>>> https://github.com/apache/datafusion/blob/main/dev/release/README.md#verifying-release-candidates
>>> .
>>> 
>>> [ ] +1 Release this as Apache DataFusion 38.0.0
>>> [ ] +0
>>> [ ] -1 Do not release this as Apache DataFusion 38.0.0 because...
>>> 
>>> Here is my vote:
>>> 
>>> +1
>>> 
>>> [1]:
>>> https://github.com/apache/datafusion/tree/cafbc9ddceb5af8c6408d0c8bb

Re: [VOTE] Release Apache DataFusion 38.0.0 RC1

[L. C. Hsieh]

+1 (binding)

Verified on M3 Mac.

Thanks Andy.

On 2024/05/10 13:55:57 Andy Grove wrote:
> We need one more binding +1 vote for this release vote to pass.
> 
> Thanks,
> 
> Andy.
> 
> > On May 7, 2024, at 6:47 PM, Phillip LeBlanc  wrote:
> > 
> > +1 (non-binding)
> > 
> > I verified RC1 on my M1 Mac. Thanks!
> > 
> > Phillip
> > 
> > From: Andy Grove 
> > Date: Wednesday, May 8, 2024 at 5:37 AM
> > To: dev@datafusion.apache.org 
> > Subject: Re: [VOTE] Release Apache DataFusion 38.0.0 RC1
> > I created a PR to remove the docs.tgz file. I am not sure how that got 
> > there.
> > 
> > https://github.com/apache/datafusion/pull/10416
> > 
> > I think the untrusted key warning has always been there for more but is 
> > more noticeable here due to the smaller number of keys. I think I need to 
> > organize a key-signing party to become part of the web of trust.
> > 
> > Andy.
> > 
> > 
> >> On May 7, 2024, at 10:38 AM, Andrew Lamb  wrote:
> >> 
> >> +1 (binding) -- thank you Andy!
> >> 
> >> I verified on mac M3.
> >> 
> >> One thing I noticed is that the archive[1] is 46 MB compared to previous
> >> releases that were more like 6MB 37.1.0 [2]
> >> 
> >> $ du -s -h apache-*.tar.gz
> >> 6.0M apache-arrow-datafusion-37.1.0.tar.gz
> >> 46M apache-datafusion-38.0.0.tar.gz
> >> 
> >> Most of this difference appears to be a doc archive, which appear to be
> >> added in [3]
> >> $ du -s -h apache-datafusion-38.0.0/docs/docs.tgz
> >> 40M apache-datafusion-38.0.0/docs/docs.tgz
> >> 
> >> Also, possibly interesting is that despite importing the KEYs file I get an
> >> error about non trusted keys:
> >> 
> >> andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$  gpg --import KEYS
> >> gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
> >> gpg: Note: Outdated servers may lack important security fixes.
> >> gpg: Note: Use the command "gpgconf --kill all" to restart them.
> >> gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
> >> gpg: (use option "--allow-weak-key-signatures" to override)
> >> gpg: key F105883A1735623D: 1 bad signature
> >> gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
> >> gpg: Note: Outdated servers may lack important security fixes.
> >> gpg: Note: Use the command "gpgconf --kill all" to restart them.
> >> gpg: key F105883A1735623D: "William Wesley McKinney (CODE SIGNING KEY) <
> >> w...@apache.org>" not changed
> >> gpg: key 45127976E1E825D4: "Andrew A Lamb (https://github.com/alamb) <
> >> and...@nerdnetworks.org>" not changed
> >> gpg: key CA1AB41406F9DBAD: "Qingping Hou (CODE SIGNING KEY) <
> >> ho...@apache.org>" not changed
> >> gpg: key 0B8A854E87467E2C: "Andy Grove " not changed
> >> gpg: Total number processed: 4
> >> gpg:  unchanged: 4
> >> andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$ gpg --verify
> >> apache-datafusion-38.0.0.tar.gz.asc
> >> gpg: assuming signed data in 'apache-datafusion-38.0.0.tar.gz'
> >> gpg: Signature made Tue May  7 11:21:15 2024 EDT
> >> gpg:using RSA key B6550C65A4B9EE9F26111DB40B8A854E87467E2C
> >> gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
> >> gpg: Note: Outdated servers may lack important security fixes.
> >> gpg: Note: Use the command "gpgconf --kill all" to restart them.
> >> gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
> >> gpg: Note: Outdated servers may lack important security fixes.
> >> gpg: Note: Use the command "gpgconf --kill all" to restart them.
> >> gpg: Good signature from "Andy Grove " [unknown]
> >> gpg: WARNING: This key is not certified with a trusted signature!
> >> gpg:  There is no indication that the signature belongs to the
> >> owner.
> >> Primary key fingerprint: B655 0C65 A4B9 EE9F 2611  1DB4 0B8A 854E 8746 7E2C
> >> andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$
> >> 
> >> 
> >> [1]
> >> https://dist.apache.org/repos/dist/dev/datafusion/apache-datafusion-38.0.0-rc1/apache-datafusion-38.0.0.tar.gz
> >> [2]
> >> https://dist.apache.org/repos/dist/release/arrow/arrow-datafusion-37.1.0/apache-arrow-datafusion-37.1.0.tar.gz
> >> [3]
> >> https://github.com/apache/datafusion/pull/10407#pullrequestreview-2043665752
> >> 
> >> On Tue, May 7, 2024 at 11:30 AM Andy Grove 
> >> wrote:
> >> 
> >>> Hi,
> >>> 
> >>> I would like to propose a release of Apache DataFusion version 38.0.0.
> >>> 
> >>> This release candidate is based on commit:
> >>> cafbc9ddceb5af8c6408d0c8bbfed7568f655ddb [1]
> >>> The proposed release tarball and signatures are hosted at [2].
> >>> The changelog is located at [3].
> >>> 
> >>> Please download, verify checksums and signatures, run the unit tests, and
> >>> vote
> >>> on the release. The vote will be open for at least 72 hours.
> >>> 
> >>> Only votes from PMC members are binding, but all members of the community
> >>> are
> >>> encouraged to test the release and vote with "(non-binding)".
> >>> 
> >>> The standard verification procedure is documented at
> >>> https://github.com/apache/datafusion/

Re: [VOTE] Release DataFusion Python Bindings 37.1.0 RC1

[L. C. Hsieh]

I also got the failure:

+ curl --silent --show-error --fail --location --remote-name 
https://dist.apache.org/repos/dist/dev/arrow/apache-arrow-datafusion-python-37.1.0-rc1/apache-arrow-datafusion-python-37.1.0.tar.gz
curl: (22) The requested URL returned error: 404


On 2024/05/10 10:30:32 Andrew Lamb wrote:
> +1 (binding)
> 
> Thank you Andy and Michael Ward (and everyone else who contrubuted)
> 
> I verified on a mac m3 by using the verify script in the repo
> ~/Software/datafusion-python$ ./dev/release/verify-release-candidate.sh
> 37.1.0 1
> 
> Note that the verification script that was in the tarball did not work for
> me (as it refers still to apache-arrow-datafusion-python):
> 
> ```
> (venv) 
> andrewlamb@Andrews-MacBook-Pro:~/Downloads/apache-datafusion-python-37.1.0$
> ./dev/release/verify-release-candidate.sh 37.1.0 1
> ...
> + download_dist_file
> apache-arrow-datafusion-python-37.1.0-rc1/apache-arrow-datafusion-python-37.1.0.tar.gz
> + curl --silent --show-error --fail --location --remote-name
> https://dist.apache.org/repos/dist/dev/arrow/apache-arrow-datafusion-python-37.1.0-rc1/apache-arrow-datafusion-python-37.1.0.tar.gz
> curl: (22) The requested URL returned error: 404
> + cleanup
> + '[' no = yes ']'
> + echo 'Failed to verify release candidate. See
> /var/folders/1l/tg68jc6550gg8xqf1hr4mlwrgn/T/arrow-37.1.0.X.59DJRHMkWV
> for details.'
> Failed to verify release candidate. See
> /var/folders/1l/tg68jc6550gg8xqf1hr4mlwrgn/T/arrow-37.1.0.X.59DJRHMkWV
> for details.
> ```
> 
> On Thu, May 9, 2024 at 1:22 PM Andy Grove 
> wrote:
> 
> > Hi,
> >
> > I would like to propose a release of the Apache DataFusion Python
> > Bindings, version 37.1.0.
> >
> > Many thanks to Michael Ward for actually preparing this release.
> >
> > This release candidate is based on commit:
> > 7f276516a644cde908cf74795251746d482d1829 [1]
> > The proposed release tarball and signatures are hosted at [2].
> > The changelog is located at [3].
> > The Python wheels are located at [4].
> >
> > Please download, verify checksums and signatures, run the unit tests, and
> > vote
> > on the release. The vote will be open for at least 72 hours.
> >
> > Only votes from PMC members are binding, but all members of the community
> > are
> > encouraged to test the release and vote with "(non-binding)".
> >
> > The standard verification procedure is documented at
> > https://github.com/apache/datafusion-python/blob/main/dev/release/README.md#verifying-release-candidates
> > .
> >
> > [ ] +1 Release this as Apache DataFusion Python 37.1.0
> > [ ] +0
> > [ ] -1 Do not release this as Apache DataFusion Python 37.1.0 because...
> >
> > Here is my vote:
> >
> > +1
> >
> > [1]:
> > https://github.com/apache/datafusion-python/tree/7f276516a644cde908cf74795251746d482d1829
> > [2]:
> > https://dist.apache.org/repos/dist/dev/datafusion/apache-datafusion-python-37.1.0-rc1
> > [3]:
> > https://github.com/apache/datafusion-python/blob/7f276516a644cde908cf74795251746d482d1829/CHANGELOG.md
> > [4]: https://test.pypi.org/project/datafusion/37.1.0/
> >
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org
> > For additional commands, e-mail: dev-h...@datafusion.apache.org
> >
> >
> 

-
To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org
For additional commands, e-mail: dev-h...@datafusion.apache.org

Re: [VOTE] Release Apache DataFusion 38.0.0 RC1

[Andy Grove]

The vote passes with 3 binding +1 votes. Thank you for taking the time to 
verify the release.

The source release is available at 
https://dist.apache.org/repos/dist/release/datafusion/datafusion-38.0.0/

I have also published the crates to crates.io 

Thanks,

Andy.

> On May 10, 2024, at 9:19 AM, L. C. Hsieh  wrote:
> 
> +1 (binding)
> 
> Verified on M3 Mac.
> 
> Thanks Andy.
> 
> On 2024/05/10 13:55:57 Andy Grove wrote:
>> We need one more binding +1 vote for this release vote to pass.
>> 
>> Thanks,
>> 
>> Andy.
>> 
>>> On May 7, 2024, at 6:47 PM, Phillip LeBlanc  wrote:
>>> 
>>> +1 (non-binding)
>>> 
>>> I verified RC1 on my M1 Mac. Thanks!
>>> 
>>> Phillip
>>> 
>>> From: Andy Grove 
>>> Date: Wednesday, May 8, 2024 at 5:37 AM
>>> To: dev@datafusion.apache.org 
>>> Subject: Re: [VOTE] Release Apache DataFusion 38.0.0 RC1
>>> I created a PR to remove the docs.tgz file. I am not sure how that got 
>>> there.
>>> 
>>> https://github.com/apache/datafusion/pull/10416
>>> 
>>> I think the untrusted key warning has always been there for more but is 
>>> more noticeable here due to the smaller number of keys. I think I need to 
>>> organize a key-signing party to become part of the web of trust.
>>> 
>>> Andy.
>>> 
>>> 
 On May 7, 2024, at 10:38 AM, Andrew Lamb  wrote:
 
 +1 (binding) -- thank you Andy!
 
 I verified on mac M3.
 
 One thing I noticed is that the archive[1] is 46 MB compared to previous
 releases that were more like 6MB 37.1.0 [2]
 
 $ du -s -h apache-*.tar.gz
 6.0M apache-arrow-datafusion-37.1.0.tar.gz
 46M apache-datafusion-38.0.0.tar.gz
 
 Most of this difference appears to be a doc archive, which appear to be
 added in [3]
 $ du -s -h apache-datafusion-38.0.0/docs/docs.tgz
 40M apache-datafusion-38.0.0/docs/docs.tgz
 
 Also, possibly interesting is that despite importing the KEYs file I get an
 error about non trusted keys:
 
 andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$  gpg --import KEYS
 gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
 gpg: Note: Outdated servers may lack important security fixes.
 gpg: Note: Use the command "gpgconf --kill all" to restart them.
 gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
 gpg: (use option "--allow-weak-key-signatures" to override)
 gpg: key F105883A1735623D: 1 bad signature
 gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
 gpg: Note: Outdated servers may lack important security fixes.
 gpg: Note: Use the command "gpgconf --kill all" to restart them.
 gpg: key F105883A1735623D: "William Wesley McKinney (CODE SIGNING KEY) <
 w...@apache.org>" not changed
 gpg: key 45127976E1E825D4: "Andrew A Lamb (https://github.com/alamb) <
 and...@nerdnetworks.org>" not changed
 gpg: key CA1AB41406F9DBAD: "Qingping Hou (CODE SIGNING KEY) <
 ho...@apache.org>" not changed
 gpg: key 0B8A854E87467E2C: "Andy Grove " not changed
 gpg: Total number processed: 4
 gpg:  unchanged: 4
 andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$ gpg --verify
 apache-datafusion-38.0.0.tar.gz.asc
 gpg: assuming signed data in 'apache-datafusion-38.0.0.tar.gz'
 gpg: Signature made Tue May  7 11:21:15 2024 EDT
 gpg:using RSA key B6550C65A4B9EE9F26111DB40B8A854E87467E2C
 gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
 gpg: Note: Outdated servers may lack important security fixes.
 gpg: Note: Use the command "gpgconf --kill all" to restart them.
 gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
 gpg: Note: Outdated servers may lack important security fixes.
 gpg: Note: Use the command "gpgconf --kill all" to restart them.
 gpg: Good signature from "Andy Grove " [unknown]
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:  There is no indication that the signature belongs to the
 owner.
 Primary key fingerprint: B655 0C65 A4B9 EE9F 2611  1DB4 0B8A 854E 8746 7E2C
 andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$
 
 
 [1]
 https://dist.apache.org/repos/dist/dev/datafusion/apache-datafusion-38.0.0-rc1/apache-datafusion-38.0.0.tar.gz
 [2]
 https://dist.apache.org/repos/dist/release/arrow/arrow-datafusion-37.1.0/apache-arrow-datafusion-37.1.0.tar.gz
 [3]
 https://github.com/apache/datafusion/pull/10407#pullrequestreview-2043665752
 
 On Tue, May 7, 2024 at 11:30 AM Andy Grove 
 wrote:
 
> Hi,
> 
> I would like to propose a release of Apache DataFusion version 38.0.0.
> 
> This release candidate is based on commit:
> cafbc9ddceb5af8c6408d0c8bbfed7568f655ddb [1]
> The proposed release tarball and signatures are hosted at [2].
> The changelog is located at [3].
> 
> Please download, verify checksums and signatures, run the unit 

Re: [VOTE] Release DataFusion Python Bindings 37.1.0 RC1

[Andy Grove]

Yes, the updated release verification script was merged into the repo after the 
release candidate was created, so it is necessary to run the script from the 
latest in the repo for now.

Would you mind running from the repo this time?



> On May 10, 2024, at 9:23 AM, L. C. Hsieh  wrote:
> 
> I also got the failure:
> 
> + curl --silent --show-error --fail --location --remote-name 
> https://dist.apache.org/repos/dist/dev/arrow/apache-arrow-datafusion-python-37.1.0-rc1/apache-arrow-datafusion-python-37.1.0.tar.gz
> curl: (22) The requested URL returned error: 404
> 
> 
> On 2024/05/10 10:30:32 Andrew Lamb wrote:
>> +1 (binding)
>> 
>> Thank you Andy and Michael Ward (and everyone else who contrubuted)
>> 
>> I verified on a mac m3 by using the verify script in the repo
>> ~/Software/datafusion-python$ ./dev/release/verify-release-candidate.sh
>> 37.1.0 1
>> 
>> Note that the verification script that was in the tarball did not work for
>> me (as it refers still to apache-arrow-datafusion-python):
>> 
>> ```
>> (venv) 
>> andrewlamb@Andrews-MacBook-Pro:~/Downloads/apache-datafusion-python-37.1.0$
>> ./dev/release/verify-release-candidate.sh 37.1.0 1
>> ...
>> + download_dist_file
>> apache-arrow-datafusion-python-37.1.0-rc1/apache-arrow-datafusion-python-37.1.0.tar.gz
>> + curl --silent --show-error --fail --location --remote-name
>> https://dist.apache.org/repos/dist/dev/arrow/apache-arrow-datafusion-python-37.1.0-rc1/apache-arrow-datafusion-python-37.1.0.tar.gz
>> curl: (22) The requested URL returned error: 404
>> + cleanup
>> + '[' no = yes ']'
>> + echo 'Failed to verify release candidate. See
>> /var/folders/1l/tg68jc6550gg8xqf1hr4mlwrgn/T/arrow-37.1.0.X.59DJRHMkWV
>> for details.'
>> Failed to verify release candidate. See
>> /var/folders/1l/tg68jc6550gg8xqf1hr4mlwrgn/T/arrow-37.1.0.X.59DJRHMkWV
>> for details.
>> ```
>> 
>> On Thu, May 9, 2024 at 1:22 PM Andy Grove 
>> wrote:
>> 
>>> Hi,
>>> 
>>> I would like to propose a release of the Apache DataFusion Python
>>> Bindings, version 37.1.0.
>>> 
>>> Many thanks to Michael Ward for actually preparing this release.
>>> 
>>> This release candidate is based on commit:
>>> 7f276516a644cde908cf74795251746d482d1829 [1]
>>> The proposed release tarball and signatures are hosted at [2].
>>> The changelog is located at [3].
>>> The Python wheels are located at [4].
>>> 
>>> Please download, verify checksums and signatures, run the unit tests, and
>>> vote
>>> on the release. The vote will be open for at least 72 hours.
>>> 
>>> Only votes from PMC members are binding, but all members of the community
>>> are
>>> encouraged to test the release and vote with "(non-binding)".
>>> 
>>> The standard verification procedure is documented at
>>> https://github.com/apache/datafusion-python/blob/main/dev/release/README.md#verifying-release-candidates
>>> .
>>> 
>>> [ ] +1 Release this as Apache DataFusion Python 37.1.0
>>> [ ] +0
>>> [ ] -1 Do not release this as Apache DataFusion Python 37.1.0 because...
>>> 
>>> Here is my vote:
>>> 
>>> +1
>>> 
>>> [1]:
>>> https://github.com/apache/datafusion-python/tree/7f276516a644cde908cf74795251746d482d1829
>>> [2]:
>>> https://dist.apache.org/repos/dist/dev/datafusion/apache-datafusion-python-37.1.0-rc1
>>> [3]:
>>> https://github.com/apache/datafusion-python/blob/7f276516a644cde908cf74795251746d482d1829/CHANGELOG.md
>>> [4]: https://test.pypi.org/project/datafusion/37.1.0/
>>> 
>>> 
>>> -
>>> To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org
>>> For additional commands, e-mail: dev-h...@datafusion.apache.org
>>> 
>>> 
>> 
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org
> For additional commands, e-mail: dev-h...@datafusion.apache.org
> 


-
To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org
For additional commands, e-mail: dev-h...@datafusion.apache.org

[ANNOUNCE] New DataFusion PMC: Mustafa Akur (akurmustafa)

[Andrew Lamb]

On behalf of the DataFusion PMC, I'm happy to announce that Mustafa Akur
(akurmustafa)
has accepted an invitation to join the PMC of Apache DataFusion. Welcome,
and thank you for your contributions!

Andrew

Re: [VOTE] Release Apache DataFusion 38.0.0 RC1

[Andrew Lamb]

Thank you Andy -- a very exciting milestone that we have the first release
as a top level project!

On Fri, May 10, 2024 at 12:00 PM Andy Grove 
wrote:

> The vote passes with 3 binding +1 votes. Thank you for taking the time to
> verify the release.
>
> The source release is available at
> https://dist.apache.org/repos/dist/release/datafusion/datafusion-38.0.0/
>
> I have also published the crates to crates.io 
>
> Thanks,
>
> Andy.
>
> > On May 10, 2024, at 9:19 AM, L. C. Hsieh  wrote:
> >
> > +1 (binding)
> >
> > Verified on M3 Mac.
> >
> > Thanks Andy.
> >
> > On 2024/05/10 13:55:57 Andy Grove wrote:
> >> We need one more binding +1 vote for this release vote to pass.
> >>
> >> Thanks,
> >>
> >> Andy.
> >>
> >>> On May 7, 2024, at 6:47 PM, Phillip LeBlanc 
> wrote:
> >>>
> >>> +1 (non-binding)
> >>>
> >>> I verified RC1 on my M1 Mac. Thanks!
> >>>
> >>> Phillip
> >>>
> >>> From: Andy Grove 
> >>> Date: Wednesday, May 8, 2024 at 5:37 AM
> >>> To: dev@datafusion.apache.org 
> >>> Subject: Re: [VOTE] Release Apache DataFusion 38.0.0 RC1
> >>> I created a PR to remove the docs.tgz file. I am not sure how that got
> there.
> >>>
> >>> https://github.com/apache/datafusion/pull/10416
> >>>
> >>> I think the untrusted key warning has always been there for more but
> is more noticeable here due to the smaller number of keys. I think I need
> to organize a key-signing party to become part of the web of trust.
> >>>
> >>> Andy.
> >>>
> >>>
>  On May 7, 2024, at 10:38 AM, Andrew Lamb 
> wrote:
> 
>  +1 (binding) -- thank you Andy!
> 
>  I verified on mac M3.
> 
>  One thing I noticed is that the archive[1] is 46 MB compared to
> previous
>  releases that were more like 6MB 37.1.0 [2]
> 
>  $ du -s -h apache-*.tar.gz
>  6.0M apache-arrow-datafusion-37.1.0.tar.gz
>  46M apache-datafusion-38.0.0.tar.gz
> 
>  Most of this difference appears to be a doc archive, which appear to
> be
>  added in [3]
>  $ du -s -h apache-datafusion-38.0.0/docs/docs.tgz
>  40M apache-datafusion-38.0.0/docs/docs.tgz
> 
>  Also, possibly interesting is that despite importing the KEYs file I
> get an
>  error about non trusted keys:
> 
>  andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$  gpg --import KEYS
>  gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
>  gpg: Note: Outdated servers may lack important security fixes.
>  gpg: Note: Use the command "gpgconf --kill all" to restart them.
>  gpg: Note: third-party key signatures using the SHA1 algorithm are
> rejected
>  gpg: (use option "--allow-weak-key-signatures" to override)
>  gpg: key F105883A1735623D: 1 bad signature
>  gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
>  gpg: Note: Outdated servers may lack important security fixes.
>  gpg: Note: Use the command "gpgconf --kill all" to restart them.
>  gpg: key F105883A1735623D: "William Wesley McKinney (CODE SIGNING
> KEY) <
>  w...@apache.org>" not changed
>  gpg: key 45127976E1E825D4: "Andrew A Lamb (https://github.com/alamb)
> <
>  and...@nerdnetworks.org>" not changed
>  gpg: key CA1AB41406F9DBAD: "Qingping Hou (CODE SIGNING KEY) <
>  ho...@apache.org>" not changed
>  gpg: key 0B8A854E87467E2C: "Andy Grove " not
> changed
>  gpg: Total number processed: 4
>  gpg:  unchanged: 4
>  andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$ gpg --verify
>  apache-datafusion-38.0.0.tar.gz.asc
>  gpg: assuming signed data in 'apache-datafusion-38.0.0.tar.gz'
>  gpg: Signature made Tue May  7 11:21:15 2024 EDT
>  gpg:using RSA key
> B6550C65A4B9EE9F26111DB40B8A854E87467E2C
>  gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
>  gpg: Note: Outdated servers may lack important security fixes.
>  gpg: Note: Use the command "gpgconf --kill all" to restart them.
>  gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5)
>  gpg: Note: Outdated servers may lack important security fixes.
>  gpg: Note: Use the command "gpgconf --kill all" to restart them.
>  gpg: Good signature from "Andy Grove " [unknown]
>  gpg: WARNING: This key is not certified with a trusted signature!
>  gpg:  There is no indication that the signature belongs to the
>  owner.
>  Primary key fingerprint: B655 0C65 A4B9 EE9F 2611  1DB4 0B8A 854E
> 8746 7E2C
>  andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$
> 
> 
>  [1]
> 
> https://dist.apache.org/repos/dist/dev/datafusion/apache-datafusion-38.0.0-rc1/apache-datafusion-38.0.0.tar.gz
>  [2]
> 
> https://dist.apache.org/repos/dist/release/arrow/arrow-datafusion-37.1.0/apache-arrow-datafusion-37.1.0.tar.gz
>  [3]
> 
> https://github.com/apache/datafusion/pull/10407#pullrequestreview-2043665752
> 
>  On Tue, May 7, 2024 at 11:30 AM Andy Grove
> 
>  wrote:
> 
> > Hi,

Re: [VOTE] Release DataFusion Python Bindings 37.1.0 RC1

[L. C. Hsieh]

I ran the verification script from the repo now. It works.

+1 (binding)

Verified on M3 Mac.

Thanks Andy.


On Fri, May 10, 2024 at 10:52 AM Andy Grove
 wrote:
>
> Yes, the updated release verification script was merged into the repo after 
> the release candidate was created, so it is necessary to run the script from 
> the latest in the repo for now.
>
> Would you mind running from the repo this time?
>
>
>
> > On May 10, 2024, at 9:23 AM, L. C. Hsieh  wrote:
> >
> > I also got the failure:
> >
> > + curl --silent --show-error --fail --location --remote-name 
> > https://dist.apache.org/repos/dist/dev/arrow/apache-arrow-datafusion-python-37.1.0-rc1/apache-arrow-datafusion-python-37.1.0.tar.gz
> > curl: (22) The requested URL returned error: 404
> >
> >
> > On 2024/05/10 10:30:32 Andrew Lamb wrote:
> >> +1 (binding)
> >>
> >> Thank you Andy and Michael Ward (and everyone else who contrubuted)
> >>
> >> I verified on a mac m3 by using the verify script in the repo
> >> ~/Software/datafusion-python$ ./dev/release/verify-release-candidate.sh
> >> 37.1.0 1
> >>
> >> Note that the verification script that was in the tarball did not work for
> >> me (as it refers still to apache-arrow-datafusion-python):
> >>
> >> ```
> >> (venv) 
> >> andrewlamb@Andrews-MacBook-Pro:~/Downloads/apache-datafusion-python-37.1.0$
> >> ./dev/release/verify-release-candidate.sh 37.1.0 1
> >> ...
> >> + download_dist_file
> >> apache-arrow-datafusion-python-37.1.0-rc1/apache-arrow-datafusion-python-37.1.0.tar.gz
> >> + curl --silent --show-error --fail --location --remote-name
> >> https://dist.apache.org/repos/dist/dev/arrow/apache-arrow-datafusion-python-37.1.0-rc1/apache-arrow-datafusion-python-37.1.0.tar.gz
> >> curl: (22) The requested URL returned error: 404
> >> + cleanup
> >> + '[' no = yes ']'
> >> + echo 'Failed to verify release candidate. See
> >> /var/folders/1l/tg68jc6550gg8xqf1hr4mlwrgn/T/arrow-37.1.0.X.59DJRHMkWV
> >> for details.'
> >> Failed to verify release candidate. See
> >> /var/folders/1l/tg68jc6550gg8xqf1hr4mlwrgn/T/arrow-37.1.0.X.59DJRHMkWV
> >> for details.
> >> ```
> >>
> >> On Thu, May 9, 2024 at 1:22 PM Andy Grove 
> >> wrote:
> >>
> >>> Hi,
> >>>
> >>> I would like to propose a release of the Apache DataFusion Python
> >>> Bindings, version 37.1.0.
> >>>
> >>> Many thanks to Michael Ward for actually preparing this release.
> >>>
> >>> This release candidate is based on commit:
> >>> 7f276516a644cde908cf74795251746d482d1829 [1]
> >>> The proposed release tarball and signatures are hosted at [2].
> >>> The changelog is located at [3].
> >>> The Python wheels are located at [4].
> >>>
> >>> Please download, verify checksums and signatures, run the unit tests, and
> >>> vote
> >>> on the release. The vote will be open for at least 72 hours.
> >>>
> >>> Only votes from PMC members are binding, but all members of the community
> >>> are
> >>> encouraged to test the release and vote with "(non-binding)".
> >>>
> >>> The standard verification procedure is documented at
> >>> https://github.com/apache/datafusion-python/blob/main/dev/release/README.md#verifying-release-candidates
> >>> .
> >>>
> >>> [ ] +1 Release this as Apache DataFusion Python 37.1.0
> >>> [ ] +0
> >>> [ ] -1 Do not release this as Apache DataFusion Python 37.1.0 because...
> >>>
> >>> Here is my vote:
> >>>
> >>> +1
> >>>
> >>> [1]:
> >>> https://github.com/apache/datafusion-python/tree/7f276516a644cde908cf74795251746d482d1829
> >>> [2]:
> >>> https://dist.apache.org/repos/dist/dev/datafusion/apache-datafusion-python-37.1.0-rc1
> >>> [3]:
> >>> https://github.com/apache/datafusion-python/blob/7f276516a644cde908cf74795251746d482d1829/CHANGELOG.md
> >>> [4]: https://test.pypi.org/project/datafusion/37.1.0/
> >>>
> >>>
> >>> -
> >>> To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org
> >>> For additional commands, e-mail: dev-h...@datafusion.apache.org
> >>>
> >>>
> >>
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org
> > For additional commands, e-mail: dev-h...@datafusion.apache.org
> >
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org
> For additional commands, e-mail: dev-h...@datafusion.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org
For additional commands, e-mail: dev-h...@datafusion.apache.org

Re: [ANNOUNCE] New DataFusion PMC: Mustafa Akur (akurmustafa)

[Edmondo Porcu]

Congrats!

On Fri, May 10, 2024 at 2:15 PM Andrew Lamb  wrote:

> On behalf of the DataFusion PMC, I'm happy to announce that Mustafa Akur
> (akurmustafa)
> has accepted an invitation to join the PMC of Apache DataFusion. Welcome,
> and thank you for your contributions!
>
> Andrew
>

Re: [ANNOUNCE] New DataFusion PMC: Mustafa Akur (akurmustafa)

[Luke Kim]

Congrats, Mustafa!

Luke



On Fri, May 10, 2024 at 11:05 AM, Andrew Lamb 
mailto:andrewlam...@gmail.com>> wrote:

On behalf of the DataFusion PMC, I'm happy to announce that Mustafa Akur
(akurmustafa)
has accepted an invitation to join the PMC of Apache DataFusion. Welcome, and 
thank you for your contributions!

Andrew