However .... due to reproducibility (what a cool feature) - the binaries are not going to change when I rebuild it and sign locally, So I guess if I will **just** replace signatures, you could potentially change your vote to +1 without having to restart voting.
WDYT Jed? On Wed, Jul 3, 2024 at 8:50 PM Jarek Potiuk <ja...@potiuk.com> wrote: > AAAAH. Thanks Jed. My bad. I have done it on a new machine and my key was > not setup properly apparently. > > On Wed, Jul 3, 2024 at 8:46 PM Jed Cunningham <jedcunning...@apache.org> > wrote: > >> -1 >> >> Checked reproducibility, checksums, licences. Those look good! >> >> There seems to be a problem with the signatures, however? I did reimport >> from KEYS. Jarek, do you maybe have a local key you were experimenting >> with >> for the trusted publishing workflow or something? >> >> >> Checking apache_airflow_providers_openlineage-1.9.0-py3-none-any.whl.asc >> >> gpg: assuming signed data in >> 'apache_airflow_providers_openlineage-1.9.0-py3-none-any.whl' >> gpg: Signature made Tue Jul 2 09:31:15 2024 MDT >> gpg: using RSA key A9A8E81A53009F34B1200BB5E3F1C6A4B0DE8968 >> gpg: issuer "dev@airflow.apache.org" >> gpg: Can't check signature: No public key >> Checking apache_airflow_providers_openlineage-1.9.0.tar.gz.asc >> >> gpg: assuming signed data in >> 'apache_airflow_providers_openlineage-1.9.0.tar.gz' >> gpg: Signature made Tue Jul 2 09:31:15 2024 MDT >> gpg: using RSA key A9A8E81A53009F34B1200BB5E3F1C6A4B0DE8968 >> gpg: issuer "dev@airflow.apache.org" >> gpg: Can't check signature: No public key >> >
