-
Notifications
You must be signed in to change notification settings - Fork 176
Vote Templates
Ed Espino edited this page Jun 6, 2025
·
15 revisions
Subject:[VOTE] Release Apache Cloudberry (Incubating) 2.0.0-rc1
Hi all,
I would like to call a VOTE to release Apache Cloudberry (Incubating) 2.0.0-rc1 — the first official Apache release of the Apache Cloudberry (Incubating) project since it entered incubation.
While the community has produced releases prior to joining the Apache Software Foundation, this is our first release under the ASF's governance, following the official Apache release process and incorporating all relevant legal, licensing, and distribution requirements.
---
Release Candidate Artifacts
Staged release artifacts:
https://dist.apache.org/repos/dist/dev/incubator/cloudberry/2.0.0-incubating-rc1/
Git tag:
https://github.com/apache/cloudberry/releases/tag/2.0.0-incubating-rc1
Commit:
https://github.com/apache/cloudberry/commit/ce1fc9438989ac22146c1c7e483933f3560e6572
PGP signature key:
3B90B5634E4506F05BA51F2FC9604135C07CD12A — Ed Espino ([email protected])
KEYS file:
https://dist.apache.org/repos/dist/dev/incubator/cloudberry/KEYS
How to Vote
Please review the release candidate and cast your vote:
[ ] +1 Approve the release
[ ] 0 No opinion
[ ] -1 Disapprove (please explain why)
This vote will be open for at least 72 hours - June 8, 2025 at 08:00 UTC.
Checklist for reference:
[ ] Download links are valid and accessible.
[ ] PGP signature is valid for the release artifact using the KEYS file (see instructions below).
[ ] SHA512 checksums are correct and verified (see instructions below).
[ ] Source release artifact filename includes "incubating".
[ ] LICENSE, NOTICE, and DISCLAIMER files exist and are accurate.
[ ] No unexpected binary files in the source release.
[ ] All source files have appropriate ASF headers (excluding generated files and legacy files).
[ ] Build completes successfully from source with clear instructions.
PGP Signature and SHA512 Verification Instructions
To verify the integrity and authenticity of the release artifacts, use the Apache PGP process:
- Import the release manager’s public key (if not already trusted):
curl https://dist.apache.org/repos/dist/dev/incubator/cloudberry/KEYS | gpg --import
- Verify the signature of the source release artifact:
gpg --verify apache-cloudberry-2.0.0-incubating-rc1-src.tar.gz.asc apache-cloudberry-2.0.0-incubating-rc1-src.tar.gz
You should see output similar to:
gpg: Good signature from "Ed Espino <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
This means the signature is cryptographically valid, but unless you've personally signed Ed's key or imported it via a trusted web of trust, it will remain "untrusted" (expected behavior).
Validate the SHA512 checksum:
sha512sum -c apache-cloudberry-2.0.0-incubating-rc1-src.tar.gz.sha512
The output should show:
apache-cloudberry-2.0.0-incubating-rc1-src.tar.gz: OK
For more information, see the Apache Release Signing Guide - https://www.apache.org/dev/release-signing.html
About Convenience Binaries
As this is our initial release under the Apache Software Foundation, we are not providing any convenience binaries (such as .rpm, .deb, or Docker images) as part of this vote. The official release consists solely of the source artifacts linked above.
We will be gathering input from the development community on which convenience binaries would be most useful and plan to make them available in the near future via appropriate non-release channels.
Please note: any such convenience binaries will not be official ASF releases and will be clearly labeled as such, in accordance with ASF policy.
---
Thanks for reviewing and voting!
Best,
-=Ed Espino
(on behalf of the Apache Cloudberry (Incubating) community)
---
Note: follow ASF release policy and Incubator guidelines: https://incubator.apache.org/guides/releasemanagement.html