Hi folks, 1. The checksums are basically correct (in terms of pure checksum), you can verify for instance with this sha512 content:
5c8b2d967965e9b578ca1e4e3e5d659a5bd5cdb3ee2ae1622a2eae95605e5e8683902b5d3044736220eb48c29d4dd70275eab95528270ebbb411a8e71f8c159c apache_polaris-1.4.0rc1.tar.gz for instance. 2. Usually, to simplify the check, the path in the sha512 should use a relative local path (that's the issue here: the sha512 file should a relative path but relative to the root folder). 3. Since the checksums are correct, we can update dist.apache.org to use the related one level path. I fixed the sha512 files on dist.apache.org. @Yong and @Dmitri can you check again? It should be fine by default now. Regards JB On Wed, Apr 22, 2026 at 2:19 AM Dmitri Bourlatchkov <[email protected]> wrote: > Correction: I found the key. Signatures are OK. > > Still, the other issues remain. > > Cheers, > Dmitri. > > On Tue, Apr 21, 2026 at 8:06 PM Dmitri Bourlatchkov <[email protected]> > wrote: > > > Hi Adnan, > > > > -1 (binding) > > > > Sorry for nitpicks, but checksums do not easily match based on data in > > dist - file paths are not aligned: > > > > $ sha512sum -c *.sha512 > > sha512sum: client/python/dist/apache_polaris-1.4.0rc1-py3-none-any.whl: > No > > such file or directory > > client/python/dist/apache_polaris-1.4.0rc1-py3-none-any.whl: FAILED open > > or read > > sha512sum: WARNING: 1 listed file could not be read > > sha512sum: client/python/dist/apache_polaris-1.4.0rc1.tar.gz: No such > file > > or directory > > client/python/dist/apache_polaris-1.4.0rc1.tar.gz: FAILED open or read > > sha512sum: WARNING: 1 listed file could not be read > > > > Signature verification failed: > > > > $ gpg --verify apache_polaris-1.4.0rc1-py3-none-any.whl.asc > > apache_polaris-1.4.0rc1-py3-none-any.whl > > gpg: Signature made Tue 21 Apr 2026 01:30:38 AM EDT > > gpg: using RSA key > 81010346A868FB157879A81354F298C6A64BECCC > > gpg: Can't check signature: No public key > > > > I downloaded the latest KEYS file... Did I miss something?.. What is this > > RSA key? > > > > Also file names contain "rc1", which I think is still not great. I > believe > > the RC set of files on dist/dev should be exactly as the final set of > > release files if the vote is successful, right? > > > > Cheers, > > Dmitri. > > > > On Tue, Apr 21, 2026 at 1:38 AM Adnan Hemani via dev < > > [email protected]> wrote: > > > >> Uploaded the source distribution on dist.apache.org. > >> > >> Yong, I'm not sure what you're pointing out. Can you explain further? > >> > >> Best, > >> Adnan Hemani > >> > >> On Mon, Apr 20, 2026 at 10:03 PM Yong Zheng <[email protected]> wrote: > >> > >> > Maybe wrong path in the sha512: > >> > cat apache_polaris-1.4.0rc1-py3-none-any.whl.sha512 > >> > > >> > beedace582c330e2602a643364fbf5806c3c7564897384f42e1ac546ed69e06c64cb29d7ab32787b05078785416c387be6ce66ce63e20ba6ebf9a36d16332e7d > >> > client/python/dist/apache_polaris-1.4.0rc1-py3-none-any.whl > >> > > >> > Thanks, > >> > Yong Zheng > >> > > >> > On 2026/04/20 23:41:04 Adnan Hemani via dev wrote: > >> > > Hi all, > >> > > > >> > > I propose that we release the following RC as the official Apache > >> Polaris > >> > > Python CLI 1.4.0 release. > >> > > > >> > > SVN: > >> https://dist.apache.org/repos/dist/dev/polaris/python-client/1.4.0/ > >> > > Test PyPI: https://test.pypi.org/project/apache-polaris/1.4.0rc1/ > >> > > > >> > > Starting with Apache Polaris 1.5.0, the CLI should be released > >> alongside > >> > > all other release artifacts within the full Polaris Release > Candidate. > >> > Work > >> > > to make this happen can be found here: > >> > > https://github.com/apache/polaris/pull/4220 > >> > > > >> > > Please vote in the next 72 hours. > >> > > > >> > > [ ] +1 Release this as Apache Polaris 1.4.0 > >> > > [ ] +0 > >> > > [ ] -1 Do not release this because... > >> > > > >> > > Only PMC members have binding votes, but other community members are > >> > > encouraged to cast non-binding votes. > >> > > This vote will pass if there are 3 binding +1 votes and more binding > >> +1 > >> > > votes than -1 votes. > >> > > > >> > > Best, > >> > > Adnan Hemani > >> > > > >> > > >> > > >
