We need one more binding +1 vote for this release vote to pass. Thanks,
Andy. > On May 7, 2024, at 6:47 PM, Phillip LeBlanc <phil...@leblanc.tech> wrote: > > +1 (non-binding) > > I verified RC1 on my M1 Mac. Thanks! > > Phillip > > From: Andy Grove <andy.gr...@apple.com.INVALID> > Date: Wednesday, May 8, 2024 at 5:37 AM > To: dev@datafusion.apache.org <dev@datafusion.apache.org> > Subject: Re: [VOTE] Release Apache DataFusion 38.0.0 RC1 > I created a PR to remove the docs.tgz file. I am not sure how that got there. > > https://github.com/apache/datafusion/pull/10416 > > I think the untrusted key warning has always been there for more but is more > noticeable here due to the smaller number of keys. I think I need to organize > a key-signing party to become part of the web of trust. > > Andy. > > >> On May 7, 2024, at 10:38 AM, Andrew Lamb <andrewlam...@gmail.com> wrote: >> >> +1 (binding) -- thank you Andy! >> >> I verified on mac M3. >> >> One thing I noticed is that the archive[1] is 46 MB compared to previous >> releases that were more like 6MB 37.1.0 [2] >> >> $ du -s -h apache-*.tar.gz >> 6.0M apache-arrow-datafusion-37.1.0.tar.gz >> 46M apache-datafusion-38.0.0.tar.gz >> >> Most of this difference appears to be a doc archive, which appear to be >> added in [3] >> $ du -s -h apache-datafusion-38.0.0/docs/docs.tgz >> 40M apache-datafusion-38.0.0/docs/docs.tgz >> >> Also, possibly interesting is that despite importing the KEYs file I get an >> error about non trusted keys: >> >> andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$ gpg --import KEYS >> gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5) >> gpg: Note: Outdated servers may lack important security fixes. >> gpg: Note: Use the command "gpgconf --kill all" to restart them. >> gpg: Note: third-party key signatures using the SHA1 algorithm are rejected >> gpg: (use option "--allow-weak-key-signatures" to override) >> gpg: key F105883A1735623D: 1 bad signature >> gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5) >> gpg: Note: Outdated servers may lack important security fixes. >> gpg: Note: Use the command "gpgconf --kill all" to restart them. >> gpg: key F105883A1735623D: "William Wesley McKinney (CODE SIGNING KEY) < >> w...@apache.org>" not changed >> gpg: key 45127976E1E825D4: "Andrew A Lamb (https://github.com/alamb) < >> and...@nerdnetworks.org>" not changed >> gpg: key CA1AB41406F9DBAD: "Qingping Hou (CODE SIGNING KEY) < >> ho...@apache.org>" not changed >> gpg: key 0B8A854E87467E2C: "Andy Grove <agr...@apache.org>" not changed >> gpg: Total number processed: 4 >> gpg: unchanged: 4 >> andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$ gpg --verify >> apache-datafusion-38.0.0.tar.gz.asc >> gpg: assuming signed data in 'apache-datafusion-38.0.0.tar.gz' >> gpg: Signature made Tue May 7 11:21:15 2024 EDT >> gpg: using RSA key B6550C65A4B9EE9F26111DB40B8A854E87467E2C >> gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5) >> gpg: Note: Outdated servers may lack important security fixes. >> gpg: Note: Use the command "gpgconf --kill all" to restart them. >> gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.4.5) >> gpg: Note: Outdated servers may lack important security fixes. >> gpg: Note: Use the command "gpgconf --kill all" to restart them. >> gpg: Good signature from "Andy Grove <agr...@apache.org>" [unknown] >> gpg: WARNING: This key is not certified with a trusted signature! >> gpg: There is no indication that the signature belongs to the >> owner. >> Primary key fingerprint: B655 0C65 A4B9 EE9F 2611 1DB4 0B8A 854E 8746 7E2C >> andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$ >> >> >> [1] >> https://dist.apache.org/repos/dist/dev/datafusion/apache-datafusion-38.0.0-rc1/apache-datafusion-38.0.0.tar.gz >> [2] >> https://dist.apache.org/repos/dist/release/arrow/arrow-datafusion-37.1.0/apache-arrow-datafusion-37.1.0.tar.gz >> [3] >> https://github.com/apache/datafusion/pull/10407#pullrequestreview-2043665752 >> >> On Tue, May 7, 2024 at 11:30 AM Andy Grove <andy.gr...@apple.com.invalid> >> wrote: >> >>> Hi, >>> >>> I would like to propose a release of Apache DataFusion version 38.0.0. >>> >>> This release candidate is based on commit: >>> cafbc9ddceb5af8c6408d0c8bbfed7568f655ddb [1] >>> The proposed release tarball and signatures are hosted at [2]. >>> The changelog is located at [3]. >>> >>> Please download, verify checksums and signatures, run the unit tests, and >>> vote >>> on the release. The vote will be open for at least 72 hours. >>> >>> Only votes from PMC members are binding, but all members of the community >>> are >>> encouraged to test the release and vote with "(non-binding)". >>> >>> The standard verification procedure is documented at >>> https://github.com/apache/datafusion/blob/main/dev/release/README.md#verifying-release-candidates >>> . >>> >>> [ ] +1 Release this as Apache DataFusion 38.0.0 >>> [ ] +0 >>> [ ] -1 Do not release this as Apache DataFusion 38.0.0 because... >>> >>> Here is my vote: >>> >>> +1 >>> >>> [1]: >>> https://github.com/apache/datafusion/tree/cafbc9ddceb5af8c6408d0c8bbfed7568f655ddb >>> [2]: >>> https://dist.apache.org/repos/dist/dev/datafusion/apache-datafusion-38.0.0-rc1 >>> [3]: >>> https://github.com/apache/datafusion/blob/cafbc9ddceb5af8c6408d0c8bbfed7568f655ddb/CHANGELOG.md >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org >>> For additional commands, e-mail: dev-h...@datafusion.apache.org >>> >>> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org For additional commands, e-mail: dev-h...@datafusion.apache.org
