+1 (binding) Ran through the normal things and did an llm assisted license check again.
Apache Polaris 1.4.1 RC0 — Validation Report Tag: apache-polaris-1.4.1-rc0 (9569f2d24c08f926cf768290fda7680cdb1e1611) Signed by: Apache Polaris Automated Release Signing < [email protected]> Fingerprint: F2EEEB06110BEE1397EC74CBB8960FF52D9B1312 Passed ------ 1. GPG signature verification $ gpg --verify apache-polaris-1.4.1.tar.gz.asc apache-polaris-1.4.1.tar.gz Good signature from "Apache Polaris Automated Release Signing < [email protected]>" 2. SHA-512 checksum $ shasum -a 512 apache-polaris-1.4.1.tar.gz 1dab218abf43dd0e...9dfdde — matches .sha512 file 3. Source tarball contents - LICENSE present (Apache License 2.0) - NOTICE present (Copyright 2026 The Apache Software Foundation) - No DISCLAIMER file (correct for a TLP) - Binary files: 38 total, all images (PNG, ICO) for site/docs — acceptable 4. Git tag verification $ git rev-parse apache-polaris-1.4.1-rc0^{commit} 9569f2d24c08f926cf768290fda7680cdb1e1611 — matches vote email 5. Build from source $ ./gradlew build -x intTest -x rat --no-daemon BUILD SUCCESSFUL in 11m 21s, 1433 tasks All unit tests passed (including Testcontainers-based Postgres and MongoDB tests) 6. Maven staging artifacts (orgapachepolaris-1065) - 67 modules staged - Spot-checked polaris-core, polaris-server, polaris-api-management-model: all have .jar, .pom, -sources.jar, -javadoc.jar, .asc, .md5, .sha1 - Parent POM: correct groupId (org.apache.polaris), version (1.4.1), license (Apache-2.0), SCM tag (apache-polaris-1.4.1), SCM URL (https://github.com/apache/polaris) 7. Binary distribution (polaris-bin-1.4.1.tgz) - LICENSE: 2055 lines, includes Apache 2.0 full text plus per-artifact license declarations for all bundled dependencies - NOTICE: 978 lines, reproduces NOTICE files from bundled projects (Picocli, gRPC, Netty, Jackson, etc.) - Non-Apache licenses found: BSD 2-Clause (org.crac) — Category A, acceptable 8. Helm chart (polaris-1.4.1.tgz) - Staged at dist.apache.org with .asc, .prov, .sha512 On Fri, May 1, 2026 at 7:30 AM Dmitri Bourlatchkov <[email protected]> wrote: > +1 (binding) > > Verified: > * Checksums > * Signatures > * Local `gradle assemble` from source > > Cheers, > Dmitri. > > On Fri, May 1, 2026 at 3:12 AM Jean-Baptiste Onofré <[email protected]> > wrote: > > > Hi everyone, > > > > I propose that we release the following RC as the official Apache Polaris > > 1.4.1 release. > > > > This corresponds to the tag: apache-polaris-1.4.1-rc0 > > > > https://github.com/apache/polaris/commits/apache-polaris-1.4.1-rc0 > > > > > https://github.com/apache/polaris/tree/9569f2d24c08f926cf768290fda7680cdb1e1611 > > > > The release tarball, signature, and checksums are here: > > > > https://dist.apache.org/repos/dist/dev/polaris/1.4.1 > > > > Helm charts are available on: > > > > https://dist.apache.org/repos/dist/dev/polaris/helm-chart/1.4.1 > > > > NB: you have to build the Docker images locally in order to test Helm > > charts. > > > > You can find the KEYS file here: > > > > https://downloads.apache.org/polaris/KEYS > > > > Convenience binary artifacts are staged on Nexus. > > The Maven repository URL is: > > > > > https://repository.apache.org/content/repositories/orgapachepolaris-1065/ > > > > Please download, verify, and test according to the release verification > > guide, which can be found at: > > > > > > > https://polaris.apache.org/community/release-guides/release-verification-guide/ > > > > Because this release includes important security fixes, this vote is open > > for 24 hours and will close as soon as it receives 3 binding votes. > > > > [ ] +1 Release this as Apache Polaris 1.4.1 > > [ ] +0 > > [ ] -1 Do not release this because... > > > > Only PMC members have binding votes, but other community members are > > encouraged to cast non-binding votes. > > This vote will pass as soon as there are 3 binding +1. > > > > Regards > > JB > > >
