+0 More information is needed for me to update to +1.
I see this signature: ``` [blue@dev tmp]$ gpg --verify apache-polaris-1.3.0-incubating.tar.gz.asc gpg: assuming signed data in 'apache-polaris-1.3.0-incubating.tar.gz' gpg: Signature made Tue 25 Nov 2025 01:08:54 AM PST gpg: using RSA key 6A6532EAD1AE4441ACE054870E971D601C4AD16F gpg: Good signature from "Apache Polaris <[email protected]>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 6A65 32EA D1AE 4441 ACE0 5487 0E97 1D60 1C4A D16F ``` Since that is not a release manager, this must have been produced by the release automation scripts that were discussed on the dev list. I took a quick look, but I don't see how the private key is protected. The release guide covers manual releases. I'm assuming that this is stored as a github secret and is only accessible in a workflow that authorized users have access to? (I see that it must be run by a committer from the thread on the dev list.) I'll change to +1 if someone can let me know how the keys are managed. On Tue, Dec 9, 2025 at 9:27 AM Jean-Baptiste Onofré <[email protected]> wrote: > Dear IPMC members, > > This is a gentle reminder that the Apache Polaris 1.3.0-incubating (RC2) > vote still requires a third binding vote to pass. > > Thank you, > > Regards > JB > > On Mon, Dec 1, 2025 at 9:35 AM Pierre Laporte <[email protected]> > wrote: > > > Hello everyone, > > > > The Apache Polaris community has voted and approved the release of Apache > > Polaris 1.3.0-incubating (RC2). We now kindly request the IPMC members > > review and vote for this release. > > > > Polaris community vote thread: > > * https://lists.apache.org/thread/fw8xhobpnoy3mvvw8hxd3r7kw5of4kos > > > > Vote result thread: > > * https://lists.apache.org/thread/xjwb04c33oo387g5gjdx674bw7t9bhz2 > > > > This corresponds to the tag: apache-polaris-1.3.0-incubating-rc2 > > * > > > > > https://github.com/apache/polaris/commits/apache-polaris-1.3.0-incubating-rc2 > > * > > > > > https://github.com/apache/polaris/tree/308134d6440f8167afd563a885187e238c21048a > > > > The release tarball, signature, and checksums are here: > > * > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/1.3.0-incubating > > > > Helm charts are available on: > > * > > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/helm-chart/1.3.0-incubating/ > > NB: you have to build the Docker images locally in order to test Helm > > charts. > > > > You can find the KEYS file here: > > * https://downloads.apache.org/incubator/polaris/KEYS > > > > Convenience binary artifacts are staged on Nexus. The Maven repository > URL > > is: > > * > https://repository.apache.org/content/repositories/orgapachepolaris-1046 > > > > Please download, verify and test. > > > > Please vote in the next 72 hours. > > > > [ ] +1 approve > > [ ] +0 no opinion > > [ ] -1 disapprove with the reason > > > > To learn more about apache Polaris, please see > https://polaris.apache.org/ > > > > Thanks, > > > > -- > > > > Pierre > > >
