Aah yes, it appears my Apache GPG key has expired, and gpg "helpfully"
used an unrelated one.
pub rsa4096 2016-11-19 [SC] [expires: 2024-10-03]
B90EB64A3AF15545EC8A7B8803F0D5EA3790810C
I'll see about getting a new key added, and simultaneously see if I can
find another volunteer to shepherd this release through.
I'll also make a note to investigate if our verification scripts should
be updated to trust just the apache KEYS and ignore any local trusts, as
verification passed on my local machine.
On 05/03/2025 11:06, Jacob Wujciak wrote:
-1 as I think this was signed with the wrong key?
gpg: Signature made Wed 05 Mar 2025 11:43:17 AM CET
gpg: using RSA key BF5A4[...]
gpg: Can't check signature: No public key
vs
gpg: key 03F0D5EA3790810C: "Raphael Jaen Taylor-Davies
<r.taylordav...@googlemail.com>"
Am Mi., 5. März 2025 um 11:47 Uhr schrieb Raphael Taylor-Davies
<r.taylordav...@googlemail.com.invalid>:
Hi,
I would like to propose a release of Apache Arrow Rust Object
Store Implementation, version 0.12.0.
This release candidate is based on commit:
89a2ef8e06088c29433c41a8d8f6f2a46ba8f399 [1]
The proposed release tarball and signatures are hosted at [2].
The changelog is located at [3].
Please download, verify checksums and signatures, run the unit tests,
and vote on the release. There is a script [4] that automates some of
the verification.
The vote will be open for at least 72 hours.
[ ] +1 Release this as Apache Arrow Rust Object Store
[ ] +0
[ ] -1 Do not release this as Apache Arrow Rust Object Store because...
[1]:
https://github.com/apache/arrow-rs/tree/89a2ef8e06088c29433c41a8d8f6f2a46ba8f399
[2]:
https://dist.apache.org/repos/dist/dev/arrow/apache-arrow-object-store-rs-0.12.0-rc1
[3]:
https://github.com/apache/arrow-rs/blob/89a2ef8e06088c29433c41a8d8f6f2a46ba8f399/object_store/CHANGELOG.md
[4]:
https://github.com/apache/arrow-rs/blob/main/object_store/dev/release/verify-release-candidate.sh
