Hi, Shawn:

I agree with Manu that we should resolve this issue and stick to the right
release process.

We have a script under `dev/release/create_rc.sh` to help create a rc,
which includes creating tag, checksum, signed signature, and uploading rc
to svn.

Hi, Danny:

Thanks for driving the release. To make the release smoother and unblock
other pr merging, please cut a 0.10.0-rc branch first, and create rc from
this branch.

On Fri, Jul 3, 2026 at 7:42 AM Manu Zhang <[email protected]> wrote:

> Hi Shawn,
>
> I’d suggest we fix the release process and make another RC to ensure we
> never mismatch tag and tarball again. Otherwise, we might miss it again
> next time and it could be a source file.
>
> Thanks,
> Manu
>
> Shawn Chang <[email protected]>于2026年7月3日 周五02:37写道:
>
>> Hi Manu,
>>
>> Thanks for catching this and for doing the verification!
>>
>> The two mismatches are limited to a CI workflow update and changelog
>> entries, and neither affects the released source code, license, build
>> output, or the artifacts users will consume. My inclination is that
>> these changes are not significant enough to justify cutting another RC.
>>
>> That said, I understand the importance of having the signed tag and the
>> source tarball match exactly, so I’m happy to hear other opinions from the
>> community on whether we should bump the RC
>>
>> Best,
>>
>> Shawn
>>
>>
>>
>> On Thu, Jul 2, 2026 at 9:07 AM Manu Zhang <[email protected]>
>> wrote:
>>
>>> -1 (non-binding)
>>>
>>> The ASF source tarball does not match the signed Git tag v0.10.0-rc.2
>>> (be6cc96eaeb1cac4574cabb11ea6e1e92e0aad45). A clean diff found two
>>> mismatched files:
>>>
>>>   - .github/workflows/bindings_python_ci.yml: ASF tarball contains a
>>> Rust setup/cache block (PR #2679) that the signed tag does not.
>>>   - CHANGELOG.md: ASF tarball includes PR #2745 and #2750 changelog
>>> entries that the signed tag does not.
>>>
>>> Thanks,
>>> Manu
>>>
>>> On Thu, Jul 2, 2026 at 4:07 PM Renjie Liu <[email protected]>
>>> wrote:
>>>
>>>> +1 binding
>>>>
>>>> Verified locally on ubunt 26.04
>>>>
>>>>
>>>>    - SHA-512
>>>>    - Signature
>>>>    - Header
>>>>    - Ran `dev/release/verify_rc.sh 0.10.0 2 --verify_signature 0
>>>>    --import_gpg_keys 1` for build and tests
>>>>
>>>> Thanks Danny for driving the release.
>>>>
>>>>
>>>> On Thu, Jul 2, 2026 at 12:19 PM Neelesh Salian <
>>>> [email protected]> wrote:
>>>>
>>>>> +1 (non-binding)
>>>>>
>>>>> Verified locally on macOS (M4 Max):
>>>>>
>>>>>    - SHA-512: matches
>>>>>    - GPG signature: Good signature from Shawn Chang <[email protected]
>>>>>    >
>>>>>    - Git tag v0.10.0-rc.2 resolves (annotated) to commit
>>>>>    be6cc96eaeb1cac4574cabb11ea6e1e92e0aad45
>>>>>    - LICENSE / NOTICE / README.md present
>>>>>    - No unexpected binary files in the source tarball
>>>>>    - Builds from source: make build (cargo build --all-targets
>>>>>    --all-features --workspace) succeeded
>>>>>
>>>>> Separately, I checked the release tracking cross-check (#2527
>>>>> <https://github.com/apache/iceberg-rust/issues/2527>): all listed
>>>>> blockers are merged and present in the RC tag.
>>>>>
>>>>> Thanks for doing the release, Danny.
>>>>>
>>>>> On Wed, Jul 1, 2026 at 8:48 AM Jones, Danny <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hello Apache Iceberg Rust Community,
>>>>>>
>>>>>>
>>>>>>
>>>>>> This is a call for a vote to release Apache Iceberg Rust version
>>>>>> 0.10.0.
>>>>>>
>>>>>>
>>>>>>
>>>>>> The tag to be voted on is: v0.10.0-rc.2.
>>>>>>
>>>>>>
>>>>>>
>>>>>> The release candidate:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> https://dist.apache.org/repos/dist/dev/iceberg/apache-iceberg-rust-0.10.0-rc2/
>>>>>>
>>>>>>
>>>>>>
>>>>>> Keys to verify the release candidate:
>>>>>>
>>>>>>
>>>>>>
>>>>>> https://downloads.apache.org/iceberg/KEYS
>>>>>>
>>>>>>
>>>>>>
>>>>>> Git tag for the release:
>>>>>>
>>>>>>
>>>>>>
>>>>>> https://github.com/apache/iceberg-rust/releases/tag/v0.10.0-rc.2
>>>>>>
>>>>>>
>>>>>>
>>>>>> Please download, verify, and test the release candidate.
>>>>>>
>>>>>>
>>>>>>
>>>>>> This vote will be open for at least 72 hours and will remain open
>>>>>> until the required number of votes is reached.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Please vote accordingly:
>>>>>>
>>>>>> [ ] +1 Approve
>>>>>>
>>>>>> [ ] +0 No opinion
>>>>>>
>>>>>> [ ] -1 Disapprove (please provide a reason)
>>>>>>
>>>>>>
>>>>>>
>>>>>> To learn more about Apache Iceberg, please visit:
>>>>>>
>>>>>> https://rust.iceberg.apache.org/
>>>>>>
>>>>>>
>>>>>>
>>>>>> Checklist for reference:
>>>>>>
>>>>>> [ ] Download links are valid
>>>>>>
>>>>>> [ ] Checksums and signatures are correct
>>>>>>
>>>>>> [ ] LICENSE and NOTICE files are present
>>>>>>
>>>>>> [ ] No unexpected binary files are included
>>>>>>
>>>>>> [ ] All source files have ASF headers
>>>>>>
>>>>>> [ ] The project builds successfully from source
>>>>>>
>>>>>> [ ] pyiceberg-core builds and tests successfully
>>>>>>
>>>>>>
>>>>>>
>>>>>> For more details, please refer to:
>>>>>>
>>>>>> https://rust.iceberg.apache.org/release.html#how-to-verify-a-release
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Danny C Jones and Shawn Chang
>>>>>>
>>>>>>
>>>>>>
>>>>>

Reply via email to