hi Zoltan, I'm looking for ASF guidelines around this, whether it is MUST or SHOULD
https://www.apache.org/dev/release-signing#web-of-trust Because SVN access is only password protected, having access to the KEYS file is a weak standard of security. Could other PMC members comment on this? Thanks On Mon, Apr 29, 2019 at 12:18 PM Zoltan Ivanfi <[email protected]> wrote: > > Hi Wes, > > Gabor's key is in the KEYS file available at > https://dist.apache.org/repos/dist/dev/parquet/KEYS Others may correct me > if I'm mistaken, but as far as I know, this is all that is required. I > mentioned this in the verification steps as well ("4. Verify the signature > by running `gpg --verify apache-parquet-1.11.0.tar.gz.asc`. It should say > "Good signature", the warning about the key not being trusted can be > ignored"). My signing key is also unsigned, because instead of signing each > other's keys we depend on the fact that only privileged users can put their > key into the central KEYS file. > > Br, > > Zoltan > > On Mon, Apr 29, 2019 at 6:46 PM Wes McKinney <[email protected]> wrote: > > > -1 > > > > Gabor's PGP key is unsigned. > > > > $ gpg --verify apache-parquet-1.11.0.tar.gz.asc > > gpg: assuming signed data in 'apache-parquet-1.11.0.tar.gz' > > gpg: Signature made Tue 19 Mar 2019 08:55:48 AM CDT > > gpg: using RSA key 6FB82970311551C7CEF131F5021057DBF048F543 > > gpg: Good signature from "Gabor Szadovszky <[email protected]>" [unknown] > > gpg: WARNING: This key is not certified with a trusted signature! > > gpg: There is no indication that the signature belongs to the > > owner. > > Primary key fingerprint: 6FB8 2970 3115 51C7 CEF1 31F5 0210 57DB F048 F543 > > > > On Tue, Apr 16, 2019 at 4:10 AM Gabor Szadovszky <[email protected]> wrote: > > > > > > Based on our release process ( > > > http://parquet.apache.org/documentation/how-to-release/) and the related > > > scripts we use the final tag for an RC. So, the existence of this tag > > does > > > not mean 1.11.0 is released. > > > However, I agree this is misleading and not a good practice to remove > > > already committed tags and re-add them to another place (when a new RC > > > comes out). I think, we should update our release process to use RC tags > > > and put the final tag only after it is officially released. But it is the > > > story of the next release... > > > > > > > > > On Sat, Apr 13, 2019 at 8:00 PM 俊杰陈 <[email protected]> wrote: > > > > > > > From the github release page, I see the 1.11.0 already released. Is it > > > > still a rc version? > > > > > > https://github.com/apache/parquet-mr/releases/tag/apache-parquet-1.11.0 > > > > > > > > On Fri, Apr 12, 2019 at 8:10 AM Ryan Blue <[email protected]> > > > > wrote: > > > > > > > > > Personally, I haven't had enough time to devote to Parquet lately and > > > > that > > > > > means I haven't validated that this release's new features are okay > > to > > > > > release. I'm hoping sometime in the next few weeks I'll be able to > > vote > > > > on > > > > > this. > > > > > > > > > > On Thu, Apr 11, 2019 at 1:23 PM Andy Grove <[email protected]> > > wrote: > > > > > > > > > > > I'm curious if there is any update on this vote? The thread seems > > > > eerily > > > > > > quiet. > > > > > > > > > > > > Thanks. > > > > > > > > > > > > On 4/3/19, 10:38 AM, "Andy Grove" <[email protected]> wrote: > > > > > > > > > > > > CAUTION – UNVERIFIED EXTERNAL EMAIL > > > > > > > > > > > > > > > > > > I have been able to run mvn verify and have also tested this RC > > > > > > against our internal systems, with no issue. > > > > > > > > > > > > +1 (non-binding) > > > > > > > > > > > > I have raised the issue about Hadoop-lzo, but that is present > > in > > > > the > > > > > > 1.10.1 release also. > > > > > > > > > > > > Andy. > > > > > > > > > > > > > > > > > > On 3/20/19, 7:50 AM, "Zoltan Ivanfi" <[email protected]> > > > > > wrote: > > > > > > > > > > > > CAUTION – UNVERIFIED EXTERNAL EMAIL > > > > > > > > > > > > > > > > > > +1 (binding) > > > > > > > > > > > > signature matches > > > > > > git hash matches the git tag > > > > > > source tarball matches the git tag > > > > > > unit tests and integration tests pass > > > > > > > > > > > > On Tue, Mar 19, 2019 at 3:00 PM Gabor Szadovszky < > > > > > [email protected]> > > > > > > wrote: > > > > > > > > > > > > > Dear Parquet Users and Developers, > > > > > > > > > > > > > > I propose the following RC to be released as the official > > > > > Apache > > > > > > > Parquet 1.11.0 release: > > > > > > > > > > > > > > The commit id is 9756b0e2b35437a09716707a81e2ac0c187112ed > > > > > > > * This corresponds to the tag: apache-parquet-1.11.0 > > > > > > > * > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fparquet-mr%2Ftree%2F9756b0e2b35437a09716707a81e2ac0c187112ed&data=02%7C01%7CAndy.Grove%40rms.com%7Cc45463142cfe401f12b708d6b852dac3%7Cd43fb8a804da4990b86cc4ba9ba4511f%7C0%7C0%7C636899063342858310&sdata=v6kHzIIpJQp%2Fq7fuR%2ByHVwGV7vZ7lUKupyqKZwmQeFI%3D&reserved=0 > > > > > > > > > > > > > > The release tarball, signature, and checksums are here: > > > > > > > * > > > > > > > > > > > > > > > > > > > > > > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdist.apache.org%2Frepos%2Fdist%2Fdev%2Fparquet%2Fapache-parquet-1.11.0-rc6%2F&data=02%7C01%7CAndy.Grove%40rms.com%7Cc45463142cfe401f12b708d6b852dac3%7Cd43fb8a804da4990b86cc4ba9ba4511f%7C0%7C0%7C636899063342858310&sdata=RVlztCju4ZoZz5vnF8f5RxE7kPmZoKMj3Ipo4x0Aj4k%3D&reserved=0 > > > > > > > > > > > > > > You can find the KEYS file here: > > > > > > > * > > > > > > > > > > > > > > > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdist.apache.org%2Frepos%2Fdist%2Fdev%2Fparquet%2FKEYS&data=02%7C01%7CAndy.Grove%40rms.com%7Cc45463142cfe401f12b708d6b852dac3%7Cd43fb8a804da4990b86cc4ba9ba4511f%7C0%7C0%7C636899063342858310&sdata=8xPAIJ4EkJPXXxZ2hTH%2BuJOtCOrCspYXkjsl%2B44Jb20%3D&reserved=0 > > > > > > > > > > > > > > Binary artifacts are staged in Nexus here: > > > > > > > * > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Frepository.apache.org%2Fcontent%2Fgroups%2Fstaging%2Forg%2Fapache%2Fparquet%2Fparquet%2F1.11.0%2F&data=02%7C01%7CAndy.Grove%40rms.com%7Cc45463142cfe401f12b708d6b852dac3%7Cd43fb8a804da4990b86cc4ba9ba4511f%7C0%7C0%7C636899063342868310&sdata=%2FIW9qYFnwvuL7QgkrYxX%2BZWJ1fcaZz%2Bq1tRJWKfQERU%3D&reserved=0 > > > > > > > > > > > > > > This release includes the following new features: > > > > > > > - PARQUET-1201 - Column indexes > > > > > > > - PARQUET-1253 - Support for new logical type > > representation > > > > > > > - PARQUET-1381 - Add merge blocks command to > > parquet-tools > > > > > > > - PARQUET-1388 - Nanosecond precision time and timestamp > > - > > > > > > parquet-mr > > > > > > > > > > > > > > The release also includes bug fixes, including: > > > > > > > - PARQUET-1472: Dictionary filter fails on > > > > > FIXED_LEN_BYTE_ARRAY. > > > > > > > - PARQUET-1510: Fix notEq for optional columns with null > > > > > values. > > > > > > > - PARQUET-1533: TestSnappy() throws OOM exception with > > > > > > Parquet-1485 change > > > > > > > - PARQUET-1531: Page row count limit causes empty pages > > to be > > > > > > written from > > > > > > > MessageColumnIO > > > > > > > - PARQUET-1544: Possible over-shading of modules > > > > > > > > > > > > > > The following change has been reverted so it is not part > > of > > > > any > > > > > > public > > > > > > > release: > > > > > > > - PARQUET-1381: Add merge blocks command to parquet-tools > > > > > > > > > > > > > > Please download, verify, and test. The vote will be open > > for > > > > at > > > > > > least 72 > > > > > > > hours. > > > > > > > > > > > > > > Thanks, > > > > > > > Gabor > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Ryan Blue > > > > > Software Engineer > > > > > Netflix > > > > > > > > > > > > > > > > > -- > > > > Thanks & Best Regards > > > > > >
