Hi JB,

Thanks for fixing the checksum files. They pass validation now. Signatures
are OK too. The package installs fine.

However, I still vote -1 because of the RC tags and missing "License" in
package info (details below).

1) SHA files still reference files with "rc1" in the name. If we publish
them, we'll have to modify the content after voting, which is not nice.

$ cat apache_polaris-1.4.0rc1.tar.gz.sha512
5c8b2d967965e9b578ca1e4e3e5d659a5bd5cdb3ee2ae1622a2eae95605e5e8683902b5d3044736220eb48c29d4dd70275eab95528270ebbb411a8e71f8c159c
 apache_polaris-1.4.0rc1.tar.gz

2) Python package info still shows a version with "rc1" after installation.
As I noted before, I believe this will require re-packaging after the vote
(to avoid "RC" in the final release).

$ venv/bin/pip show apache-polaris
Name: apache-polaris
Version: 1.4.0rc1
Summary: Apache Polaris
Home-page:
Author:
Author-email: Apache Software Foundation <[email protected]>
License:
Location: /home/dmitri/Downloads/pol-cli-rc1/venv/lib/python3.12/site-packages
Requires: boto3, prettytable, pydantic, python-dateutil, pyyaml, typing-extensions, urllib3
Required-by:

Confirmed manually: the "rc1" tag is present in PKG-INFO inside the signed
archive too. So, removing the RC tag will require re-signing and will
invalidate signature checks during the vote.

3) Licence name is missing from package info.

4) (minor) Home-page and author email are missing from package info

Sorry for being picky, but I believe these matters are important.

Cheers,
Dmitri.

On Wed, Apr 22, 2026 at 1:32 AM Jean-Baptiste Onofré <[email protected]>
wrote:

> Hi folks,
>
> 1. The checksums are basically correct (in terms of pure checksum), you can
> verify for instance with this sha512 content:
>
>
> 5c8b2d967965e9b578ca1e4e3e5d659a5bd5cdb3ee2ae1622a2eae95605e5e8683902b5d3044736220eb48c29d4dd70275eab95528270ebbb411a8e71f8c159c
>  apache_polaris-1.4.0rc1.tar.gz
>
> for instance.
>
> 2. Usually, to simplify the check, the path in the sha512 should use a
> relative local path (that's the issue here: the sha512 file should use a
> relative path but relative to the root folder).
> 3. Since the checksums are correct, we can update dist.apache.org to use
> the related one level path. I fixed the sha512 files on dist.apache.org.
>
> @Yong and @Dmitri can you check again? It should be fine by default now.
>
> Regards
> JB
>
> On Wed, Apr 22, 2026 at 2:19 AM Dmitri Bourlatchkov <[email protected]>
> wrote:
>
> > Correction: I found the key. Signatures are OK.
> >
> > Still, the other issues remain.
> >
> > Cheers,
> > Dmitri.
> >
> > On Tue, Apr 21, 2026 at 8:06 PM Dmitri Bourlatchkov <[email protected]>
> > wrote:
> >
> > > Hi Adnan,
> > >
> > > -1 (binding)
> > >
> > > Sorry for nitpicks, but checksums do not easily match based on data in
> > > dist - file paths are not aligned:
> > >
> > > $ sha512sum -c *.sha512
> > > sha512sum: client/python/dist/apache_polaris-1.4.0rc1-py3-none-any.whl: No such file or directory
> > > client/python/dist/apache_polaris-1.4.0rc1-py3-none-any.whl: FAILED open or read
> > > sha512sum: WARNING: 1 listed file could not be read
> > > sha512sum: client/python/dist/apache_polaris-1.4.0rc1.tar.gz: No such file or directory
> > > client/python/dist/apache_polaris-1.4.0rc1.tar.gz: FAILED open or read
> > > sha512sum: WARNING: 1 listed file could not be read
> > >
> > > Signature verification failed:
> > >
> > > $ gpg --verify apache_polaris-1.4.0rc1-py3-none-any.whl.asc apache_polaris-1.4.0rc1-py3-none-any.whl
> > > gpg: Signature made Tue 21 Apr 2026 01:30:38 AM EDT
> > > gpg:                using RSA key 81010346A868FB157879A81354F298C6A64BECCC
> > > gpg: Can't check signature: No public key
> > >
> > > I downloaded the latest KEYS file... Did I miss something?.. What is this
> > > RSA key?
> > >
> > > Also file names contain "rc1", which I think is still not great. I believe
> > > the RC set of files on dist/dev should be exactly as the final set of
> > > release files if the vote is successful, right?
> > >
> > > Cheers,
> > > Dmitri.
> > >
> > > On Tue, Apr 21, 2026 at 1:38 AM Adnan Hemani via dev <
> > > [email protected]> wrote:
> > >
> > >> Uploaded the source distribution on dist.apache.org.
> > >>
> > >> Yong, I'm not sure what you're pointing out. Can you explain further?
> > >>
> > >> Best,
> > >> Adnan Hemani
> > >>
> > >> On Mon, Apr 20, 2026 at 10:03 PM Yong Zheng <[email protected]> wrote:
> > >>
> > >> > Maybe wrong path in the sha512:
> > >> > cat apache_polaris-1.4.0rc1-py3-none-any.whl.sha512
> > >> >
> > >> > beedace582c330e2602a643364fbf5806c3c7564897384f42e1ac546ed69e06c64cb29d7ab32787b05078785416c387be6ce66ce63e20ba6ebf9a36d16332e7d
> > >> > client/python/dist/apache_polaris-1.4.0rc1-py3-none-any.whl
> > >> >
> > >> > Thanks,
> > >> > Yong Zheng
> > >> >
> > >> > On 2026/04/20 23:41:04 Adnan Hemani via dev wrote:
> > >> > > Hi all,
> > >> > >
> > >> > > I propose that we release the following RC as the official Apache Polaris
> > >> > > Python CLI 1.4.0 release.
> > >> > >
> > >> > > SVN: https://dist.apache.org/repos/dist/dev/polaris/python-client/1.4.0/
> > >> > > Test PyPI: https://test.pypi.org/project/apache-polaris/1.4.0rc1/
> > >> > >
> > >> > > Starting with Apache Polaris 1.5.0, the CLI should be released alongside
> > >> > > all other release artifacts within the full Polaris Release Candidate. Work
> > >> > > to make this happen can be found here:
> > >> > > https://github.com/apache/polaris/pull/4220
> > >> > >
> > >> > > Please vote in the next 72 hours.
> > >> > >
> > >> > > [ ] +1 Release this as Apache Polaris 1.4.0
> > >> > > [ ] +0
> > >> > > [ ] -1 Do not release this because...
> > >> > >
> > >> > > Only PMC members have binding votes, but other community members are
> > >> > > encouraged to cast non-binding votes.
> > >> > > This vote will pass if there are 3 binding +1 votes and more binding +1
> > >> > > votes than -1 votes.
> > >> > >
> > >> > > Best,
> > >> > > Adnan Hemani
> > >> > >
> > >> >
> > >>
> > >
> >
>
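
The checks raised in this thread (digest match, the path recorded in the .sha512 file, an "rc" tag in file names and in PKG-INFO, a missing License field) can be scripted. The following is an added example, not part of the original messages or of the Polaris release tooling; the function names and the `example-pkg` sample archive are constructed for illustration.

```python
import hashlib, io, re, tarfile
from email.parser import Parser
from pathlib import PurePosixPath

RC_TAG = re.compile(r"\drc\d+", re.I)  # pre-release suffix such as 1.4.0rc1

def check_checksum_file(sha_text, artifact_name, artifact_bytes):
    """Findings for one .sha512 file checked against the artifact next to it."""
    digest, listed = sha_text.split()[:2]   # also accepts a wrapped "hash\n name"
    listed = listed.lstrip("*")             # sha512sum binary-mode marker
    findings = []
    if hashlib.sha512(artifact_bytes).hexdigest() != digest.lower():
        findings.append("digest mismatch")
    if PurePosixPath(listed).name != listed:
        findings.append(f"listed path is not a bare file name: {listed}")
    if PurePosixPath(listed).name != artifact_name:
        findings.append("listed name differs from the artifact name")
    if RC_TAG.search(listed):
        findings.append("RC tag in listed file name")
    return findings

def check_pkg_info(sdist_bytes):
    """Findings for the top-level PKG-INFO inside a .tar.gz sdist."""
    with tarfile.open(fileobj=io.BytesIO(sdist_bytes), mode="r:gz") as tar:
        member = next((m for m in tar.getmembers()
                       if m.name.count("/") == 1 and m.name.endswith("/PKG-INFO")), None)
        if member is None:
            return ["no PKG-INFO in archive"]
        meta = Parser().parsestr(tar.extractfile(member).read().decode("utf-8"))
    findings = []
    if RC_TAG.search(meta.get("Version", "")):
        findings.append(f"RC tag in Version: {meta['Version']}")
    if not (meta.get("License") or meta.get("License-Expression")):
        findings.append("no License or License-Expression field")
    if not (meta.get("Home-page") or meta.get("Project-URL")):
        findings.append("no Home-page or Project-URL field")
    return findings

def build_sample_sdist(version, extra=""):
    """Constructed sample input: an in-memory sdist that holds only PKG-INFO."""
    body = f"Metadata-Version: 2.1\nName: example-pkg\nVersion: {version}\n{extra}".encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(f"example_pkg-{version}/PKG-INFO")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

if __name__ == "__main__":
    print(check_pkg_info(build_sample_sdist("1.4.0rc1")))
```

An empty list from both functions means the artifact set could be promoted as-is, without renaming or re-signing after the vote.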
