assignUser commented on PR #41131: URL: https://github.com/apache/arrow/pull/41131#issuecomment-2137697423
> However, I'm wondering if it makes sense to start that work now so that we can merge this PR in time for the next release. Sounds like a great idea! I looked for a reference issue in JIRA that documents the process: https://issues.apache.org/jira/browse/INFRA-25610 Hm I just noticed that "All artifacts being signed can be built [reproducibly](https://reproducible-builds.org/)" is a requirement for automated signing. I don't know that we fulfill that yet (leaning towards no?). I'll have to look into it and see how hard this would be to implement. Though afaik we only sign the tarball, so that shouldn't be too hard to make work? Getting it to work with all binary artifacts would probably be a different story. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
