Skip to content

Verifying a release

Each Apache PyIceberg release is validated by the community by holding a vote. A community release manager will prepare a release candidate and call a vote on the Iceberg dev list. To validate the release candidate, community members will test it out in their downstream projects and environments.

In addition to testing in downstream projects, community members also check the release’s signatures, checksums, and license documentation.

Validating a release candidate

Release announcements include links to the following:

  • A source tarball
  • A signature (.asc)
  • A checksum (.sha512)
  • KEYS file
  • GitHub change comparison

After downloading the source tarball, signature, checksum, and KEYS file, here are instructions on how to verify signatures, checksums, and documentation.

Verifying signatures

First, import the keys.

curl -o KEYS
gpg --import KEYS

Next, verify the .asc file.

svn checkout /tmp/pyiceberg/

for name in $(ls /tmp/pyiceberg/pyiceberg-*.whl /tmp/pyiceberg/pyiceberg-*.tar.gz)
    gpg --verify ${name}.asc ${name}

Verifying checksums

cd  /tmp/pyiceberg/
for name in $(ls /tmp/pyiceberg/pyiceberg-*.whl.sha512 /tmp/pyiceberg/pyiceberg-*.tar.gz.sha512)
    shasum -a 512 --check ${name}

Verifying License Documentation

tar xzf pyiceberg-0.5.0.tar.gz
cd pyiceberg-0.5.0

Run RAT checks to validate license header:



This section explains how to run the tests of the source distribution.

Clean environment

To make sure that your environment is fresh is to run the tests in a new Docker container: docker run -t -i -v $(pwd):/pyiceberg/ python:3.9 bash. And change directory: cd /pyiceberg/.

First step is to install the package:

make install

And then run the tests:

make test

To run the full integration tests:

make test-s3

This will include a Minio S3 container being spun up.

Cast the vote

Votes are cast by replying to the release candidate announcement email on the dev mailing list with either +1, 0, or -1. For example :

[ ] +1 Release this as PyIceberg 0.3.0 [ ] +0 [ ] -1 Do not release this because…

In addition to your vote, it’s customary to specify if your vote is binding or non-binding. Only members of the Project Management Committee have formally binding votes. If you’re unsure, you can specify that your vote is non-binding. To read more about voting in the Apache framework, checkout the Voting information page on the Apache foundation’s website.