+1 (binding) Verified on M4 Mac.
Note that after removing requirements-310.txt as Andrew suggested, in order to make it work, I also need to add `python3 -m pip install -U maturin` before the `maturin develop` command in the script. I left a comment in the PR. Thanks Tim and Andrew. On Mon, Feb 3, 2025 at 6:15 AM Andrew Lamb <al...@influxdata.com> wrote: > > +1 (binding) > > Note I had to update verify_release_candidate.sh manually[1] to get the > verification to pass. > > Also to anyone else interested, Tim and I had a short video call to verify > that this is indeed the Tim Saucer I know and thus I have added the key to > the KEYS file > > However, the key isn't verified by another trusted signature and results in > the warning below. This is actually the same for Andy Grove's key as well, > so I think we should have a "keysigning party" and add your keys to the web > of trust. I will follow up with an email separately > > + gpg --verify ./apache-datafusion-python-44.0.0.tar.gz.asc > ./apache-datafusion-python-44.0.0.tar.gz > gpg: Signature made Sun Feb 2 17:27:59 2025 EST > gpg: using EDDSA key CF6296EE7380F05894FE36443562A212282A90AD > gpg: Good signature from "Timothy Saucer <timsau...@gmail.com>" [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > > > After fixing that and commenting out the `pip install` (see [1]) the > verification passed > > + popd > /var/folders/1l/tg68jc6550gg8xqf1hr4mlwr0000gn/T/datafusion-python-44.0.0.XXXXX.q8U6Obzdcw > + TEST_SUCCESS=yes > + echo 'Release candidate looks good!' > Release candidate looks good! > + exit 0 > + cleanup > + '[' yes = yes ']' > + rm -fr > /var/folders/1l/tg68jc6550gg8xqf1hr4mlwr0000gn/T/datafusion-python-44.0.0.XXXXX.q8U6Obzdcw > > > [1]: https://github.com/apache/datafusion-python/pull/1012 > > On Sun, Feb 2, 2025 at 8:05 PM Tim Saucer <timsau...@gmail.com> wrote: > > > Ah, I didn’t see that I needed to do that. I’ll upload in the morning. > > Thank you for catching the issue. > > > > > On Feb 2, 2025, at 7:24 PM, Andrew Lamb <andrewlam...@gmail.com> wrote: > > > > > > Thanks for doing this Tim! > > > > > > As we have met in person, perhaps we could/should have a keysigning party > > > (aka zoom call) where I can sign and add your keys > > > > > > One thing I noticed is that I can't find the key used for for keysigning > > > > > > andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$ gpg --verify > > > apache-datafusion-python-44.0.0.tar.gz.asc > > > gpg: assuming signed data in 'apache-datafusion-python-44.0.0.tar.gz' > > > gpg: Signature made Sun Feb 2 17:27:59 2025 EST > > > gpg: using EDDSA key > > CF6296EE7380F05894FE36443562A212282A90AD > > > gpg: Can't check signature: No public key > > > > > > I also check on the ubuntu keyserver and it wasn't there either: > > > > > https://keyserver.ubuntu.com/pks/lookup?search=CF6296EE7380F05894FE36443562A212282A90AD&fingerprint=on&op=index > > > > > > > > > This also caused the release verification script for me to fail: > > > > > > $ apache-datafusion-python-44.0.0$ > > > ./dev/release/verify-release-candidate.sh 44.0.0 1 > > > ... > > > > > > + artifact=./apache-datafusion-python-44.0.0.tar.gz > > > + gpg --verify ./apache-datafusion-python-44.0.0.tar.gz.asc > > > ./apache-datafusion-python-44.0.0.tar.gz > > > gpg: Signature made Sun Feb 2 17:27:59 2025 EST > > > gpg: using EDDSA key > > CF6296EE7380F05894FE36443562A212282A90AD > > > gpg: Can't check signature: No public key > > > + exit 1 > > > > > > > > > > > >> On Sun, Feb 2, 2025 at 6:15 PM Tim Saucer <timsau...@gmail.com> wrote: > > >> > > >> Hi, > > >> > > >> I would like to propose a release of the Apache DataFusion Python > > Bindings, > > >> version 44.0.0. > > >> > > >> This release candidate is based on commit: > > >> f5a9f25080a6774d9dd202774baae8a659b2e396 [1] > > >> The proposed release tarball and signatures are hosted at [2]. > > >> The changelog is located at [3]. > > >> The Python wheels are located at [4]. > > >> > > >> Please download, verify checksums and signatures, run the unit tests, > > and > > >> vote > > >> on the release. The vote will be open for at least 72 hours. > > >> > > >> Only votes from PMC members are binding, but all members of the > > community > > >> are > > >> encouraged to test the release and vote with "(non-binding)". > > >> > > >> The standard verification procedure is documented at > > >> > > >> > > https://github.com/apache/datafusion-python/blob/main/dev/release/README.md#verifying-release-candidates > > >> . > > >> > > >> [ ] +1 Release this as Apache DataFusion Python 44.0.0 > > >> [ ] +0 > > >> [ ] -1 Do not release this as Apache DataFusion Python 44.0.0 because... > > >> > > >> Here is my vote: > > >> > > >> +1 (non-binding) > > >> > > >> [1]: > > >> > > >> > > https://github.com/apache/datafusion-python/tree/f5a9f25080a6774d9dd202774baae8a659b2e396 > > >> [2]: > > >> > > >> > > https://dist.apache.org/repos/dist/dev/datafusion/apache-datafusion-python-44.0.0-rc1 > > >> [3]: > > >> > > >> > > https://github.com/apache/datafusion-python/blob/f5a9f25080a6774d9dd202774baae8a659b2e396/CHANGELOG.md > > >> [4]: https://test.pypi.org/project/datafusion/44.0.0/ > > >> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org > > For additional commands, e-mail: dev-h...@datafusion.apache.org > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org For additional commands, e-mail: dev-h...@datafusion.apache.org
