Re: Signing releases with pwendell or release manager's key?

Sounds good - thanks Holden! On Mon, Sep 18, 2017 at 8:21 PM, Holden Karau wrote: > That sounds like a pretty good temporary work around if folks agree I'll > cancel release vote for 2.1.2 and work on getting an RC2 out later this > week manually signed. I've filed JIRA

Re: [VOTE] Spark 2.1.2 (RC1)

As per the conversation happening around the signing of releases I'm cancelling this vote. If folks agree with the temporary solution there I'll try and get a new RC out shortly but if we end up blocking on migrating the Jenkins jobs it could take a bit longer. On Sun, Sep 17, 2017 at 1:30 AM,

Re: Signing releases with pwendell or release manager's key?

That sounds like a pretty good temporary work around if folks agree I'll cancel release vote for 2.1.2 and work on getting an RC2 out later this week manually signed. I've filed JIRA SPARK-22055 & SPARK-22054 to port the release scripts and allow injecting of the RM's key. On Mon, Sep 18, 2017 at

Re: Signing releases with pwendell or release manager's key?

For the current release - maybe Holden could just sign the artifacts with her own key manually, if this is a concern. I don't think that would require modifying the release pipeline, except to just remove/ignore the existing signatures. - Patrick On Mon, Sep 18, 2017 at 7:56 PM, Reynold Xin

Re: Signing releases with pwendell or release manager's key?

Does anybody know whether this is a hard blocker? If it is not, we should probably push 2.1.2 forward quickly and do the infrastructure improvement in parallel. On Mon, Sep 18, 2017 at 7:49 PM, Holden Karau wrote: > I'm more than willing to help migrate the scripts as part

Re: Signing releases with pwendell or release manager's key?

I'm more than willing to help migrate the scripts as part of either this release or the next. It sounds like there is a consensus developing around changing the process -- should we hold off on the 2.1.2 release or roll this into the next one? On Mon, Sep 18, 2017 at 7:37 PM, Marcelo Vanzin

Re: Signing releases with pwendell or release manager's key?

+1 to this. There should be a script in the Spark repo that has all the logic needed for a release. That script should take the RM's key as a parameter. if there's a desire to keep the current Jenkins job to create the release, it should be based on that script. But from what I'm seeing there are

Re: Signing releases with pwendell or release manager's key?

Hey I talked more with Josh Rosen about this who has helped with automation since I became less involved in release management. I can think of a few different things that would improve our RM based on these suggestions: (1) We could remove signing step from the rest of the automation and as the

Re: Signing releases with pwendell or release manager's key?

i will detail how we control access to the jenkins infra tomorrow. we're pretty well locked down, but there is absolutely room for improvement. this thread is also a good reminder that we (RMs + pwendell + ?) should audit who still has, but does not need direct (or special) access to jenkins.

Re: Signing releases with pwendell or release manager's key?

One thing we could do is modify the release tooling to allow the key to be injected each time, thus allowing any RM to insert their own key at build time. Patrick On Mon, Sep 18, 2017 at 4:56 PM Ryan Blue wrote: > I don't understand why it is necessary to share a release

Re: Signing releases with pwendell or release manager's key?

I don't understand why it is necessary to share a release key. If this is something that can be automated in a Jenkins job, then can it be a script with a reasonable set of build requirements for Mac and Ubuntu? That's the approach I've seen the most in other projects. I'm also not just concerned

Re: Signing releases with pwendell or release manager's key?

Looks like this thread is touching a few different issues: - Process documentation: I was trying to learn the details behind the automation, release signatures, etc in the Spark release management official documentation (http://spark.apache.org/release-process.html) , and it looks like not much