This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/tooling-docs.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 55b532f Automatic Site Publish by Buildbot
55b532f is described below
commit 55b532f694712572df429729103853e2c112fde9
Author: buildbot <[email protected]>
AuthorDate: Tue Mar 11 20:05:43 2025 +0000
Automatic Site Publish by Buildbot
---
output/_pagefind/fragment/en_2d562a7.pf_fragment | Bin 285 -> 0 bytes
output/_pagefind/fragment/en_6d6db61.pf_fragment | Bin 0 -> 1685 bytes
output/_pagefind/index/en_1e82b11.pf_index | Bin 0 -> 4510 bytes
output/_pagefind/index/en_222547d.pf_index | Bin 2504 -> 0 bytes
output/_pagefind/pagefind-entry.json | 2 +-
output/_pagefind/pagefind.en_c12b30a58f.pf_meta | Bin 117 -> 0 bytes
output/_pagefind/pagefind.en_cdf1415ad0.pf_meta | Bin 0 -> 121 bytes
output/agenda-tool.html | 1 +
output/index.html | 1 +
output/team.html | 1 +
output/trusted-release.html | 99 +++++++++++++++++++++++
output/volunteer.html | 1 +
12 files changed, 104 insertions(+), 1 deletion(-)
diff --git a/output/_pagefind/fragment/en_2d562a7.pf_fragment
b/output/_pagefind/fragment/en_2d562a7.pf_fragment
deleted file mode 100644
index e21af02..0000000
Binary files a/output/_pagefind/fragment/en_2d562a7.pf_fragment and /dev/null
differ
diff --git a/output/_pagefind/fragment/en_6d6db61.pf_fragment
b/output/_pagefind/fragment/en_6d6db61.pf_fragment
new file mode 100644
index 0000000..af95fa5
Binary files /dev/null and b/output/_pagefind/fragment/en_6d6db61.pf_fragment
differ
diff --git a/output/_pagefind/index/en_1e82b11.pf_index
b/output/_pagefind/index/en_1e82b11.pf_index
new file mode 100644
index 0000000..c3f0866
Binary files /dev/null and b/output/_pagefind/index/en_1e82b11.pf_index differ
diff --git a/output/_pagefind/index/en_222547d.pf_index
b/output/_pagefind/index/en_222547d.pf_index
deleted file mode 100644
index 149373f..0000000
Binary files a/output/_pagefind/index/en_222547d.pf_index and /dev/null differ
diff --git a/output/_pagefind/pagefind-entry.json
b/output/_pagefind/pagefind-entry.json
index dec45a6..0b629e3 100644
--- a/output/_pagefind/pagefind-entry.json
+++ b/output/_pagefind/pagefind-entry.json
@@ -1 +1 @@
-{"version":"1.0.4","languages":{"en":{"hash":"en_c12b30a58f","wasm":"en","page_count":5}}}
\ No newline at end of file
+{"version":"1.0.4","languages":{"en":{"hash":"en_cdf1415ad0","wasm":"en","page_count":5}}}
\ No newline at end of file
diff --git a/output/_pagefind/pagefind.en_c12b30a58f.pf_meta
b/output/_pagefind/pagefind.en_c12b30a58f.pf_meta
deleted file mode 100644
index 6d185da..0000000
Binary files a/output/_pagefind/pagefind.en_c12b30a58f.pf_meta and /dev/null
differ
diff --git a/output/_pagefind/pagefind.en_cdf1415ad0.pf_meta
b/output/_pagefind/pagefind.en_cdf1415ad0.pf_meta
new file mode 100644
index 0000000..44a7e32
Binary files /dev/null and b/output/_pagefind/pagefind.en_cdf1415ad0.pf_meta
differ
diff --git a/output/agenda-tool.html b/output/agenda-tool.html
index 65d97c0..5c15796 100644
--- a/output/agenda-tool.html
+++ b/output/agenda-tool.html
@@ -54,6 +54,7 @@
<ul class="dropdown-menu">
<!--<li><a class="dropdown-item" href="/blog/">Tooling
Blog</a></li>-->
<li><a class="dropdown-item" href="/team.html">About the
team</a></li>
+ <li><a class="dropdown-item" href="/trusted-release.html">Trusted
Release</a></li>
</ul>
</li>
diff --git a/output/index.html b/output/index.html
index ff05f1d..ef497fc 100644
--- a/output/index.html
+++ b/output/index.html
@@ -54,6 +54,7 @@
<ul class="dropdown-menu">
<!--<li><a class="dropdown-item" href="/blog/">Tooling
Blog</a></li>-->
<li><a class="dropdown-item" href="/team.html">About the
team</a></li>
+ <li><a class="dropdown-item" href="/trusted-release.html">Trusted
Release</a></li>
</ul>
</li>
diff --git a/output/team.html b/output/team.html
index fe70c34..412d27f 100644
--- a/output/team.html
+++ b/output/team.html
@@ -54,6 +54,7 @@
<ul class="dropdown-menu">
<!--<li><a class="dropdown-item" href="/blog/">Tooling
Blog</a></li>-->
<li><a class="dropdown-item" href="/team.html">About the
team</a></li>
+ <li><a class="dropdown-item" href="/trusted-release.html">Trusted
Release</a></li>
</ul>
</li>
diff --git a/output/trusted-release.html b/output/trusted-release.html
index 1871a9d..b69a9ba 100644
--- a/output/trusted-release.html
+++ b/output/trusted-release.html
@@ -54,6 +54,7 @@
<ul class="dropdown-menu">
<!--<li><a class="dropdown-item" href="/blog/">Tooling
Blog</a></li>-->
<li><a class="dropdown-item" href="/team.html">About the
team</a></li>
+ <li><a class="dropdown-item" href="/trusted-release.html">Trusted
Release</a></li>
</ul>
</li>
@@ -93,6 +94,104 @@
</h1>
<h1>Apache Trusted Release</h1>
<p>The main project is the Apache Trusted Release Platform.</p>
+<h2>1. Automate the Release Process</h2>
+<ul>
+<li>Minimize human interaction.</li>
+<li>Community participation on <strong>Release Votes</strong> remains via
email.</li>
+<li>Record all of the key events and metrics for tracking operations and
performance.</li>
+<li>PMCs can quickly benefit.</li>
+<li>Infra costs and management complexity are decreased.</li>
+</ul>
+<h2>2. Community</h2>
+<ul>
+<li>Work with a selection of <strong>Apache</strong> PMCs, <strong>Incubator
PPMCs(podlings)</strong>, and <strong>Infra</strong> for <strong>User
Acceptance Testing (UAT)</strong>.</li>
+<li>Co-ordinate with <strong>Infra</strong> on migration and operation.</li>
+<li>Contribute to Infra's <strong>asfquart</strong> and <strong>asfpy</strong>
frameworks.</li>
+<li>Provide openings for volunteers to help so long as the contributions are
adequate and timely.</li>
+<li>Assure that the <strong>ATR platform</strong> follows industry best
practices especially regarding <strong>SBOMs</strong>,
+<strong>Certificate Management</strong>, and <strong>Digital
Signatures</strong>.</li>
+<li>Help lead the industry to better practices.</li>
+<li>Work within the <strong>ASF</strong> on <strong>Release Policy</strong>
improvements.</li>
+</ul>
+<h2>3. Apache Trusted Release Platform (ATR)</h2>
+<ul>
+<li>Incorporate all PMC Releases.
+<ul>
+<li>Download page.</li>
+<li>Release Candidate page.</li>
+<li>Archived download page.</li>
+</ul>
+</li>
+<li>Every PMC has a management interface.
+<ul>
+<li>Current manual release practice is viewable.</li>
+<li>Automated release status.</li>
+<li><strong>KEYS</strong> file management including revoking keys.</li>
+<li>Trigger release phases.</li>
+<li>Tracking performance.</li>
+</ul>
+</li>
+<li>Platform includes a RESTful API.</li>
+<li>Serve release artifacts efficiently.</li>
+<li>Make switching from current manual release process to a minimal ATR
process very simple.</li>
+<li>System Admins (Infra) have a management interface.</li>
+<li>Provide operational status to help Infra monitor ATR operations through
the Infra Reporting Dashboard (IRD).</li>
+<li>Develop the platform with consideration about reusability outside of the
ASF ecosystem, where feasible with regards to development costs.</li>
+</ul>
+<p>See <a
href="https://github.com/apache/tooling-docs/blob/main/apache-trusted-release/platform.md";>Platform
Services</a> for detailed requirements for the <strong>ATR</strong>.</p>
+<h2>4. Automate Release Process around Compliance</h2>
+<ul>
+<li>Meet Release Policy
+<ul>
+<li>Legal Policy</li>
+<li>Infra Policy</li>
+<li>Security Policy</li>
+</ul>
+</li>
+<li>SBOMs and Attestations
+<ul>
+<li>Include dependency and license compliance.</li>
+<li>Provide clear attribution and information about Release Votes.</li>
+</ul>
+</li>
+<li>Certificate and Credential Management
+<ul>
+<li>Manage the signing keys needed for automation.</li>
+</ul>
+</li>
+<li>Download Page including available SBOM and verification instructions.</li>
+<li>Announcement Email.</li>
+</ul>
+<h2>5. Release Lifecycle Phases</h2>
+<p>Here is a flow chart showing the <a
href="https://github.com/apache/tooling-docs/blob/main/apache-trusted-release/lifecycle.md";>Release
Lifecycle Phases</a>.</p>
+<h2>6. Infrastructure Requirements</h2>
+<ul>
+<li>Run book for releases.apache.org</li>
+<li>Progress on the retirement path for <code>svn:dist</code>. See <a
href="https://github.com/apache/tooling-docs/blob/main/apache-trusted-release/svn-dist.md";>Legacy
Releases from SVN Dist</a>
+for possible transitional states. For this first iteration <em>transition
2</em> is preferred.</li>
+<li>Legacy urls for dist.apache.org, downloads.apache.org, dlcdn.apache.org,
and archive.apache.org remain supported.</li>
+<li>Path schemes for downloads.apache.org, dlcdn.apache.org, and
archive.apache.org remain.</li>
+</ul>
+<h2>7. Future Requirements</h2>
+<ul>
+<li>
+<p>Integrate with the <a
href="https://github.com/apache/tooling-docs/blob/main/apache-trusted-release/advisory-process.md";>Security
Advisory Process</a> to make it easy to track applicable advisories on
download pages.</p>
+</li>
+<li>
+<p>Expand support for <a
href="https://github.com/apache/tooling-docs/blob/main/apache-trusted-release/evaluate.md";>Evaluating
Build Claims</a> to additional build tools.</p>
+</li>
+<li>
+<p>Expand automated support for additional <a
href="https://github.com/apache/tooling-docs/blob/main/apache-trusted-release/distributions.md";>Distribution
Channels</a>.</p>
+</li>
+<li>
+<p>Include a <a
href="https://github.com/apache/tooling-docs/blob/main/apache-trusted-release/digital-signatures.md";>Signing
Candidates</a> phase during ATR processing.</p>
+<blockquote>
+<p>There are policy implications to the automation of digital signatures.
+For now, creating digital signatures on certain artifact types must be done
prior to GPG signing and
+prior to submission of the release candidate.</p>
+</blockquote>
+</li>
+</ul>
</div>
</div>
diff --git a/output/volunteer.html b/output/volunteer.html
index 8bf0bdf..fb02015 100644
--- a/output/volunteer.html
+++ b/output/volunteer.html
@@ -54,6 +54,7 @@
<ul class="dropdown-menu">
<!--<li><a class="dropdown-item" href="/blog/">Tooling
Blog</a></li>-->
<li><a class="dropdown-item" href="/team.html">About the
team</a></li>
+ <li><a class="dropdown-item" href="/trusted-release.html">Trusted
Release</a></li>
</ul>
</li>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
