Hi, Shawn: I agree with Manu that we should resolve this issue and stick to the right release process.
We have a script under `dev/release/create_rc.sh` to help create a rc, which includes creating tag, checksum, signed signature, and uploading rc to svn. Hi, Danny: Thanks for driving the release. To make the release smoother and unblock other pr merging, please cut a 0.10.0-rc branch first, and create rc from this branch. On Fri, Jul 3, 2026 at 7:42 AM Manu Zhang <[email protected]> wrote: > Hi Shawn, > > I’d suggest we fix the release process and make another RC to ensure we > never mismatch tag and tarball again. Otherwise, we might miss it again > next time and it could be a source file. > > Thanks, > Manu > > Shawn Chang <[email protected]>于2026年7月3日 周五02:37写道: > >> Hi Manu, >> >> Thanks for catching this and for doing the verification! >> >> The two mismatches are limited to a CI workflow update and changelog >> entries, and neither affects the released source code, license, build >> output, or the artifacts users will consume. My inclination is that >> these changes are not significant enough to justify cutting another RC. >> >> That said, I understand the importance of having the signed tag and the >> source tarball match exactly, so I’m happy to hear other opinions from the >> community on whether we should bump the RC >> >> Best, >> >> Shawn >> >> >> >> On Thu, Jul 2, 2026 at 9:07 AM Manu Zhang <[email protected]> >> wrote: >> >>> -1 (non-binding) >>> >>> The ASF source tarball does not match the signed Git tag v0.10.0-rc.2 >>> (be6cc96eaeb1cac4574cabb11ea6e1e92e0aad45). A clean diff found two >>> mismatched files: >>> >>> - .github/workflows/bindings_python_ci.yml: ASF tarball contains a >>> Rust setup/cache block (PR #2679) that the signed tag does not. >>> - CHANGELOG.md: ASF tarball includes PR #2745 and #2750 changelog >>> entries that the signed tag does not. >>> >>> Thanks, >>> Manu >>> >>> On Thu, Jul 2, 2026 at 4:07 PM Renjie Liu <[email protected]> >>> wrote: >>> >>>> +1 binding >>>> >>>> Verified locally on ubunt 26.04 >>>> >>>> >>>> - SHA-512 >>>> - Signature >>>> - Header >>>> - Ran `dev/release/verify_rc.sh 0.10.0 2 --verify_signature 0 >>>> --import_gpg_keys 1` for build and tests >>>> >>>> Thanks Danny for driving the release. >>>> >>>> >>>> On Thu, Jul 2, 2026 at 12:19 PM Neelesh Salian < >>>> [email protected]> wrote: >>>> >>>>> +1 (non-binding) >>>>> >>>>> Verified locally on macOS (M4 Max): >>>>> >>>>> - SHA-512: matches >>>>> - GPG signature: Good signature from Shawn Chang <[email protected] >>>>> > >>>>> - Git tag v0.10.0-rc.2 resolves (annotated) to commit >>>>> be6cc96eaeb1cac4574cabb11ea6e1e92e0aad45 >>>>> - LICENSE / NOTICE / README.md present >>>>> - No unexpected binary files in the source tarball >>>>> - Builds from source: make build (cargo build --all-targets >>>>> --all-features --workspace) succeeded >>>>> >>>>> Separately, I checked the release tracking cross-check (#2527 >>>>> <https://github.com/apache/iceberg-rust/issues/2527>): all listed >>>>> blockers are merged and present in the RC tag. >>>>> >>>>> Thanks for doing the release, Danny. >>>>> >>>>> On Wed, Jul 1, 2026 at 8:48 AM Jones, Danny <[email protected]> >>>>> wrote: >>>>> >>>>>> Hello Apache Iceberg Rust Community, >>>>>> >>>>>> >>>>>> >>>>>> This is a call for a vote to release Apache Iceberg Rust version >>>>>> 0.10.0. >>>>>> >>>>>> >>>>>> >>>>>> The tag to be voted on is: v0.10.0-rc.2. >>>>>> >>>>>> >>>>>> >>>>>> The release candidate: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> https://dist.apache.org/repos/dist/dev/iceberg/apache-iceberg-rust-0.10.0-rc2/ >>>>>> >>>>>> >>>>>> >>>>>> Keys to verify the release candidate: >>>>>> >>>>>> >>>>>> >>>>>> https://downloads.apache.org/iceberg/KEYS >>>>>> >>>>>> >>>>>> >>>>>> Git tag for the release: >>>>>> >>>>>> >>>>>> >>>>>> https://github.com/apache/iceberg-rust/releases/tag/v0.10.0-rc.2 >>>>>> >>>>>> >>>>>> >>>>>> Please download, verify, and test the release candidate. >>>>>> >>>>>> >>>>>> >>>>>> This vote will be open for at least 72 hours and will remain open >>>>>> until the required number of votes is reached. >>>>>> >>>>>> >>>>>> >>>>>> Please vote accordingly: >>>>>> >>>>>> [ ] +1 Approve >>>>>> >>>>>> [ ] +0 No opinion >>>>>> >>>>>> [ ] -1 Disapprove (please provide a reason) >>>>>> >>>>>> >>>>>> >>>>>> To learn more about Apache Iceberg, please visit: >>>>>> >>>>>> https://rust.iceberg.apache.org/ >>>>>> >>>>>> >>>>>> >>>>>> Checklist for reference: >>>>>> >>>>>> [ ] Download links are valid >>>>>> >>>>>> [ ] Checksums and signatures are correct >>>>>> >>>>>> [ ] LICENSE and NOTICE files are present >>>>>> >>>>>> [ ] No unexpected binary files are included >>>>>> >>>>>> [ ] All source files have ASF headers >>>>>> >>>>>> [ ] The project builds successfully from source >>>>>> >>>>>> [ ] pyiceberg-core builds and tests successfully >>>>>> >>>>>> >>>>>> >>>>>> For more details, please refer to: >>>>>> >>>>>> https://rust.iceberg.apache.org/release.html#how-to-verify-a-release >>>>>> >>>>>> >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Danny C Jones and Shawn Chang >>>>>> >>>>>> >>>>>> >>>>>
