Hi, Owen. The artifacts for 1.6.3 RC1 are in the same situation.
# gpg --verify orc-1.6.3rc1.tar.gz.asc gpg: assuming signed data in 'orc-1.6.3rc1.tar.gz' gpg: Signature made Thu Apr 23 17:12:02 2020 PDT gpg: using RSA key 75EBAAECF7A297FF22E8C18DD19EB09DAD1C5877 gpg: Can't check signature: No public key The artifacts seems to be signed by a key which is not in https://downloads.apache.org/orc/KEYS Bests, Dongjoon. On Thu, Apr 23, 2020 at 5:16 PM Owen O'Malley <[email protected]> wrote: > All, > > Should we release the following artifacts as ORC 1.6.3? > > tar: http://home.apache.org/~omalley/orc-1.6.3/ > tag: https://github.com/apache/orc/releases/tag/release-1.6.3rc1 > jiras: https://issues.apache.org/jira/projects/ORC/versions/12346545 > > Thanks! >
