+1 binding - Verified signature, checksum - Build + test passed - Checked LICENSE/NOTICE files - No unexpected binary files
I double checked all the LICENSE/NOTICE files against the main branch, and it looks good. I also verified that we're not publishing the open-api jar, compared to 1.10.1 [1][2]. I see that we are still publishing `iceberg-kafka-connect-1.10.2.jar` but that is expected [3][4]. Thanks again for running the release! Best, Kevin Liu [1] https://repository.apache.org/content/repositories/orgapacheiceberg-1281/org/apache/iceberg/iceberg-open-api/1.10.2/ [2] https://repo1.maven.org/maven2/org/apache/iceberg/iceberg-open-api/1.10.1/ [3] https://repository.apache.org/content/repositories/orgapacheiceberg-1281/org/apache/iceberg/iceberg-kafka-connect/1.10.2/ [4] https://repo1.maven.org/maven2/org/apache/iceberg/iceberg-kafka-connect/1.10.1/ On Thu, May 14, 2026 at 8:43 AM Russell Spitzer <[email protected]> wrote: > +1 Binding - > > One minor cleanup to the NOTICE file that we should do but I don't think > blocks release > > BUNDLE-NOTICE inside iceberg-spark-runtime-3.5_2.13-1.10.2.jar: > > Lines 2–3: Apache Iceberg / Copyright 2017-2025 The Apache Software > Foundation > Lines 28–29: Apache Iceberg / Copyright 2017-2026 The Apache Software > Foundation > > So it looks like we missed the year bump on the 1.10.x branch > > Ran my automation - > > Apache Iceberg 1.10.2 RC1 — Validation Report > Tag: apache-iceberg-1.10.2-rc1 (commit > 57396d628cb9f92e121f9c2919398475393f0a3a) > Signed by: Amogh Jahagirdar <[email protected]> (RSA > 7180E16D410C476E010F37E180763BA3EDCCE745) > Passed > ------ > 1. GPG signature verified against KEYS: > gpg --verify apache-iceberg-1.10.2.tar.gz.asc apache-iceberg-1.10.2.tar.gz > -> Good signature from "Amogh Jahagirdar <[email protected]>" > The same key signs all Maven staging artifacts (verified > iceberg-core-1.10.2.jar.asc). > 2. SHA-512 checksum matches: > expected/actual = > 7eba5c85037bc150efcea3e06dae6653be961a275f1bc5d5333c9a22d18c67d6 > 8c40f6396ee9501bfad15906d9df13858940326ea2258728c8e0d5eedd65b9bd > 3. Source tarball hygiene: > - LICENSE present, Apache 2.0 > - NOTICE present > - No DISCLAIMER (correct: TLP, not incubating) > - Only binary files are PNG/ICO logos and favicons > - License headers scanned on 3,059 / 3,062 source files -- Russ (We ship a > few javascript files in the docs without an ASF header because we didn't > write them) > 4. Tag points at the expected commit: > git rev-parse apache-iceberg-1.10.2-rc1^{commit} > -> 57396d628cb9f92e121f9c2919398475393f0a3a (matches vote email) > 5. Builds from source on macOS / OpenJDK 21.0.7: > ./gradlew build -x test -x integrationTest > -> BUILD SUCCESSFUL in 1m 54s (432 tasks) > 6. Unit tests pass for the highest-stability modules: > ./gradlew :iceberg-core:test :iceberg-api:test > -> 8,008 tests, 0 failures, 0 errors, 452 skipped (across 331 test classes) > 7. Maven staging repo (orgapacheiceberg-1281) looks complete: > - 50 modules published under org.apache.iceberg > - Each artifact has .jar, .pom, .module, -sources.jar, -javadoc.jar, > -tests.jar > - Each file is accompanied by .asc, .md5, .sha1, .sha256, .sha512 > - iceberg-core-1.10.2.pom: correct groupId/artifactId/version, Apache 2.0 > license, GitHub issues SCM URL > - Shaded runtime jars (e.g. iceberg-spark-runtime-3.5_2.13, > iceberg-bundled-guava) > bundle LICENSE/NOTICE plus per-dependency licenses under META-INF/licenses/ > 8. Bundled dependency licenses cross-reference cleanly with BUNDLE-LICENSE > in > iceberg-spark-runtime-3.5_2.13-1.10.2.jar: > - 43 bundled coordinates (Jackson, Guava, Avro, Parquet, ORC, Arrow, Netty, > httpcomponents5, datasketches, eclipse-collections, JTS, Nessie, > threeten-extra, > failsafe, microprofile-openapi, …) all have entries in BUNDLE-LICENSE. > - No Category X (GPL/AGPL) licenses present. Only Apache 2.0, MIT, BSD-2/3, > Eclipse Distribution License v1.0, and MPL 2.0 (Mozilla Public Suffix List > bundled by Apache HttpComponents). > - "Lesser General Public" string flagged by a heuristic scanner is purely > from > the standard MPL 2.0 "Secondary License" definition (Section 1.12); no > actual > LGPL-licensed code is bundled. > - BUNDLE-NOTICE reproduces upstream NOTICE text for the major deps with > their > own NOTICE files (Netty, Jackson, Nessie, MicroProfile OpenAPI, > Aircompressor). > > > On Wed, May 13, 2026 at 7:13 PM Amogh Jahagirdar <[email protected]> wrote: > >> Hi Everyone, >> >> I propose that we release the following RC as the official Apache Iceberg >> 1.10.2 release. >> >> The commit ID is 57396d628cb9f92e121f9c2919398475393f0a3a >> * This corresponds to the tag: apache-iceberg-1.10.2-rc1 >> * https://github.com/apache/iceberg/commits/apache-iceberg-1.10.2-rc1 >> * >> https://github.com/apache/iceberg/tree/57396d628cb9f92e121f9c2919398475393f0a3a >> >> The release tarball, signature, and checksums are here: >> * >> https://dist.apache.org/repos/dist/dev/iceberg/apache-iceberg-1.10.2-rc1 >> >> You can find the KEYS file here: >> * https://downloads.apache.org/iceberg/KEYS >> >> Convenience binary artifacts are staged on Nexus. The Maven repository >> URL is: >> * >> https://repository.apache.org/content/repositories/orgapacheiceberg-1281/ >> >> Please download, verify, and test. >> >> Instructions for verifying a release can be found here: >> * https://iceberg.apache.org/how-to-release/#how-to-verify-a-release >> >> Please vote in the next 72 hours. >> >> [ ] +1 Release this as Apache Iceberg 1.10.2 >> [ ] +0 >> [ ] -1 Do not release this because... >> >> Only PMC members have binding votes, but other community members are >> encouraged to cast >> non-binding votes. This vote will pass if there are 3 binding +1 votes >> and more binding >> +1 votes than -1 votes. >> >
