+1 binding Thanks
1. Cryptographic Verification - SHA512 checksum: VERIFIED ✓ - GPG signature: VALID ✓ - Signing key: C614A2E649BB45F7FF7F849719272095A6D67D98 (HyeonhoKim) - Key confirmed in official Apache DataSketches KEYS file 2. License Compliance - Apache License 2.0 present and complete ✓ - NOTICE file present with proper attribution ✓ - All 204 Go source files have proper Apache license headers ✓ 3. Security Analysis - No suspicious code patterns detected ✓ - No binary files in source distribution ✓ - No command execution, network calls, or syscalls found ✓ - No hardcoded credentials or suspicious URLs ✓ - Dependencies are all legitimate and appropriate ✓ Legitimate usage found: - 6 unsafe operations (string-to-byte conversions and sizeof) - 1 crypto/rand usage (random seed generation for bloom filters) - 2 academic paper references (dimacs.rutgers.edu, arxiv.org) 4. Test Execution All tests passed successfully: - 14 test packages executed - 0 failures - Total test time: ~31.4 seconds Test results: ✓ count, cpc, examples, filters, frequencies ✓ hll, internal, binomialbounds, binomialproportionsbounds ✓ kll, sampling, tdigest, theta, tuple 5. Package Structure Clean and well-organized structure with proper Apache project files (LICENSE, NOTICE, CONTRIBUTING.md, RELEASE.md). Issues Identified: NONE On Wed, Feb 4, 2026 at 4:04 PM Hyeonho Kim <[email protected]> wrote: > > Hi everyone! > > I would like to propose releasing Apache DataSketches Go v0.1.0. > Changes since RC3: > - Fixed artifact packaging issue > - Fixed several flaky test cases > > Source Distribution: > https://dist.apache.org/repos/dist/dev/datasketches/go/0.1.0-RC4/ > > Github tag: > https://github.com/apache/datasketches-go/releases/tag/v0.1.0-rc4 > > How to use (choose one or both): > > - Go module: > > go get github.com/apache/[email protected] > > - From source: > > Download, verify signatures, and run tests. > > > To verify signatures: > > curl -O > https://dist.apache.org/repos/dist/dev/datasketches/go/0.1.0-RC4/apache-datasketches-go-0.1.0-src.tar.gz > > curl -O > https://dist.apache.org/repos/dist/dev/datasketches/go/0.1.0-RC4/apache-datasketches-go-0.1.0-src.tar.gz.asc > > gpg --verify apache-datasketches-go-0.1.0-src.tar.gz.asc > > > To run tests (choose one or both): > > - If you have already installed go: > > go test ./... > > - If you have container runtime(e.g., Docker): > > ./build/run-docker-test.sh > > > The vote will remain open for at least 72 hours. > > [ ] +1 Release this as Apache DataSketches Go 0.1.0 > [ ] 0 No opinion > [ ] -1 Do not release (please explain why) > > Best regards, > Hyeonho Kim > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
