+1 non-binding

Ran `./dev/release/verify-release-candidate.sh 44.0.0 1` with the same change to the script as described above.

PS, first time running RC verification for datafusion-python, looks like these "Verifying a Release" <https://github.com/apache/datafusion-python/blob/main/dev/release/README.md#verifying-a-release> instructions are outdated.

Best,
Kevin Liu

On Mon, Feb 3, 2025 at 9:36 AM L. C. Hsieh <vii...@gmail.com> wrote:

> +1 (binding)
>
> Verified on M4 Mac.
>
> Note that after removing requirements-310.txt as Andrew suggested, in order to make it work,
> I also need to add `python3 -m pip install -U maturin` before the `maturin develop` command in the script.
> I left a comment in the PR.
>
> Thanks Tim and Andrew.
>
> On Mon, Feb 3, 2025 at 6:15 AM Andrew Lamb <al...@influxdata.com> wrote:
> >
> > +1 (binding)
> >
> > Note I had to update verify_release_candidate.sh manually[1] to get the verification to pass.
> >
> > Also to anyone else interested, Tim and I had a short video call to verify that this is indeed the Tim Saucer I know and thus I have added the key to the KEYS file.
> >
> > However, the key isn't verified by another trusted signature and results in the warning below. This is actually the same for Andy Grove's key as well, so I think we should have a "keysigning party" and add your keys to the web of trust. I will follow up with an email separately.
> >
> > + gpg --verify ./apache-datafusion-python-44.0.0.tar.gz.asc ./apache-datafusion-python-44.0.0.tar.gz
> > gpg: Signature made Sun Feb 2 17:27:59 2025 EST
> > gpg: using EDDSA key CF6296EE7380F05894FE36443562A212282A90AD
> > gpg: Good signature from "Timothy Saucer <timsau...@gmail.com>" [unknown]
> > gpg: WARNING: This key is not certified with a trusted signature!
> > gpg: There is no indication that the signature belongs to the owner.
> >
> > After fixing that and commenting out the `pip install` (see [1]) the verification passed
> >
> > + popd
> > /var/folders/1l/tg68jc6550gg8xqf1hr4mlwr0000gn/T/datafusion-python-44.0.0.XXXXX.q8U6Obzdcw
> > + TEST_SUCCESS=yes
> > + echo 'Release candidate looks good!'
> > Release candidate looks good!
> > + exit 0
> > + cleanup
> > + '[' yes = yes ']'
> > + rm -fr /var/folders/1l/tg68jc6550gg8xqf1hr4mlwr0000gn/T/datafusion-python-44.0.0.XXXXX.q8U6Obzdcw
> >
> > [1]: https://github.com/apache/datafusion-python/pull/1012
> >
> > On Sun, Feb 2, 2025 at 8:05 PM Tim Saucer <timsau...@gmail.com> wrote:
> >
> > > Ah, I didn’t see that I needed to do that. I’ll upload in the morning.
> > > Thank you for catching the issue.
> > >
> > > > On Feb 2, 2025, at 7:24 PM, Andrew Lamb <andrewlam...@gmail.com> wrote:
> > > >
> > > > Thanks for doing this Tim!
> > > >
> > > > As we have met in person, perhaps we could/should have a keysigning party (aka zoom call) where I can sign and add your keys
> > > >
> > > > One thing I noticed is that I can't find the key used for keysigning
> > > >
> > > > andrewlamb@Andrews-MacBook-Pro-2:~/Downloads$ gpg --verify apache-datafusion-python-44.0.0.tar.gz.asc
> > > > gpg: assuming signed data in 'apache-datafusion-python-44.0.0.tar.gz'
> > > > gpg: Signature made Sun Feb 2 17:27:59 2025 EST
> > > > gpg: using EDDSA key CF6296EE7380F05894FE36443562A212282A90AD
> > > > gpg: Can't check signature: No public key
> > > >
> > > > I also checked on the ubuntu keyserver and it wasn't there either:
> > > >
> > > > https://keyserver.ubuntu.com/pks/lookup?search=CF6296EE7380F05894FE36443562A212282A90AD&fingerprint=on&op=index
> > > >
> > > > This also caused the release verification script for me to fail:
> > > >
> > > > $ apache-datafusion-python-44.0.0$ ./dev/release/verify-release-candidate.sh 44.0.0 1
> > > > ...
> > > >
> > > > + artifact=./apache-datafusion-python-44.0.0.tar.gz
> > > > + gpg --verify ./apache-datafusion-python-44.0.0.tar.gz.asc ./apache-datafusion-python-44.0.0.tar.gz
> > > > gpg: Signature made Sun Feb 2 17:27:59 2025 EST
> > > > gpg: using EDDSA key CF6296EE7380F05894FE36443562A212282A90AD
> > > > gpg: Can't check signature: No public key
> > > > + exit 1
> > > >
> > > >> On Sun, Feb 2, 2025 at 6:15 PM Tim Saucer <timsau...@gmail.com> wrote:
> > > >>
> > > >> Hi,
> > > >>
> > > >> I would like to propose a release of the Apache DataFusion Python Bindings, version 44.0.0.
> > > >>
> > > >> This release candidate is based on commit: f5a9f25080a6774d9dd202774baae8a659b2e396 [1]
> > > >> The proposed release tarball and signatures are hosted at [2].
> > > >> The changelog is located at [3].
> > > >> The Python wheels are located at [4].
> > > >>
> > > >> Please download, verify checksums and signatures, run the unit tests, and vote on the release. The vote will be open for at least 72 hours.
> > > >>
> > > >> Only votes from PMC members are binding, but all members of the community are encouraged to test the release and vote with "(non-binding)".
> > > >>
> > > >> The standard verification procedure is documented at
> > > >> https://github.com/apache/datafusion-python/blob/main/dev/release/README.md#verifying-release-candidates
> > > >> .
> > > >>
> > > >> [ ] +1 Release this as Apache DataFusion Python 44.0.0
> > > >> [ ] +0
> > > >> [ ] -1 Do not release this as Apache DataFusion Python 44.0.0 because...
> > > >>
> > > >> Here is my vote:
> > > >>
> > > >> +1 (non-binding)
> > > >>
> > > >> [1]: https://github.com/apache/datafusion-python/tree/f5a9f25080a6774d9dd202774baae8a659b2e396
> > > >> [2]: https://dist.apache.org/repos/dist/dev/datafusion/apache-datafusion-python-44.0.0-rc1
> > > >> [3]: https://github.com/apache/datafusion-python/blob/f5a9f25080a6774d9dd202774baae8a659b2e396/CHANGELOG.md
> > > >> [4]: https://test.pypi.org/project/datafusion/44.0.0/
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscr...@datafusion.apache.org
> > > For additional commands, e-mail: dev-h...@datafusion.apache.org
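
The two gpg outcomes seen in this thread ("Can't check signature: No public key", then "Good signature" with the untrusted-key warning) can be told apart mechanically from `gpg --status-fd` output instead of from the exit code alone. The following is an added example, not part of the thread or of the project's verify-release-candidate.sh; the function names and the sample status lines are constructed, and it assumes the signer fingerprint (taken from the gpg output quoted above) has been confirmed out of band.

```shell
#!/bin/sh
# Added example (not the project's script): classify `gpg --status-fd` lines.
# Fingerprint as printed in the thread's gpg output; pin it out of band.
EXPECTED_FPR="CF6296EE7380F05894FE36443562A212282A90AD"

# has_status TEXT KEYWORDS: true if TEXT has a "[GNUPG:] <keyword>" line.
has_status() { printf '%s\n' "$1" | grep -Eq "^\[GNUPG:\] ($2)( |\$)"; }

# classify_status EXPECTED_FPR < status-lines; prints exactly one verdict:
# no-public-key | bad-signature | unverified | wrong-signer |
# good-untrusted | good-trusted
classify_status() {
  cs_text="$(cat)"
  if has_status "$cs_text" NO_PUBKEY; then echo no-public-key; return 0; fi
  if has_status "$cs_text" BADSIG; then echo bad-signature; return 0; fi
  # VALIDSIG field 3 is the full fingerprint of the key that signed.
  cs_fpr="$(printf '%s\n' "$cs_text" |
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $3; exit }')"
  if [ -z "$cs_fpr" ]; then echo unverified; return 0; fi
  if [ "$cs_fpr" != "$1" ]; then echo wrong-signer; return 0; fi
  # A good signature from the pinned key; trust level is reported separately.
  if has_status "$cs_text" 'TRUST_FULLY|TRUST_ULTIMATE'; then
    echo good-trusted
  else
    echo good-untrusted
  fi
}

# verify_release ASC ARTIFACT KEYS: check against a throwaway keyring holding
# only the KEYS file, so the result does not depend on the caller's ~/.gnupg.
verify_release() {
  vr_home="$(mktemp -d)" || return 2
  gpg --homedir "$vr_home" --quiet --import "$3" 2>/dev/null
  vr_verdict="$(gpg --homedir "$vr_home" --status-fd 1 --verify "$1" "$2" \
    2>/dev/null | classify_status "$EXPECTED_FPR")"
  rm -rf "$vr_home"
  echo "$vr_verdict"
  case "$vr_verdict" in good-*) return 0 ;; *) return 1 ;; esac
}

# Constructed status lines for the "No public key" case (not captured output).
SAMPLE_NO_KEY='[GNUPG:] ERRSIG 3562A212282A90AD 22 10 00 1738535279 9
[GNUPG:] NO_PUBKEY 3562A212282A90AD'
printf '%s\n' "$SAMPLE_NO_KEY" | classify_status "$EXPECTED_FPR"
```

Here `good-untrusted` corresponds to the "not certified with a trusted signature" warning: the signature is valid and made by the pinned key, but no web-of-trust path vouches for that key.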