On 6 February 2019 22:39:24 CET, Philippe Mouawad <[email protected]> wrote:
>Hello,
>
>We now have :
>
>   - 30 enhancements
>   - 51 bugfixes
>
>I think the nightly is ready to be released.
>
>What's your opinion ?

Yes. We should do a release. 

>Is there a volunteer for release management ?

I would be willing to do so, but I would need a pgp key like you do :) 

>If not I'll try to, but I see there are some steps where I'll need help
>from usual release manager:
>I don't understand this:
>
>   - If necessary, update the META file with your GPG key id (if you act as
>     the release manager for the first time. Please visit
>     https://checker.apache.org/doc/README.html )  => HOW DO I GET The key id ?

You generate a pgp/gpg key pair. The key from that pair has an ID that is 
assigned automatically upon generation. 

The public part of the pair will have to be signed by some known keys, so that 
it can be verified by others that have no direct contact to you (but trust the 
known keys). 

>   - The META file needs to be signed by the PMC Chair of project with
>     this command:
>
>gpg -u [email protected] --armor --output META.asc --detach-sig META

This is done to have a known place where our key ids can be found. Those key 
ids are signed by the chair, so others can verify that the project trusts those 
values. 

>
>=> Can I sign it or must it be milamber ?

The meta file seems to be signed by milamber (but only when the IDs are added)

>
>
>   - To verify the good signature, use this command:
>
>$ gpg --verify META.asc META
>gpg: Signature made mar. 12 sept. 2017 18:05:19 WEST
>gpg:                using RSA key C4923F9ABFB2F1A06F08E88BAC214CAA0612B399
>gpg:                issuer "[email protected]"
>gpg: Good signature from "Milamber (ASF) <[email protected]>" [ultimate]
>gpg:                 aka "Milamber (Milamberspace) <[email protected]>" [ultimate]
>
>=> When I do it
>gpg --verify META.asc META
>gpg: Signature made Tue 12 Sep 2017 05:05:19 PM UTC using RSA key ID 0612B399
>gpg: Can't check signature: No public key

I haven't tried that one, will have to do it when I am home again. 

>
>
>Sorry for stupid questions.

PGP is hard to understand and to get correctly handled. 

Regards, 
 Felix 

>
>
>Regards
>Philippe
>
>
>
>
>
>
>
>
><https://www.openstreetmap.org/#map=18/50.69454/3.16455>
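
The steps discussed in this thread (generate a key pair, read its ID, detach-sign META, verify with and without the public key), shown as an added example that is not part of the original mail or of the project's release procedure. It assumes GnuPG 2.1 or later; the function name `demo_release_signing`, the identity `rm@example.invalid` and the META content are constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway keyrings and a constructed identity; ~/.gnupg is untouched.
demo_release_signing() {
    work=$(mktemp -d) || return 1
    signer="$work/signer"; verifier="$work/verifier"
    mkdir -m 700 "$signer" "$verifier" || return 1
    printf 'constructed META content\n' > "$work/META"

    # 1. Generate the key pair (empty passphrase: acceptable for a demo key only).
    gpg --homedir "$signer" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo RM <rm@example.invalid>' rsa2048 sign never \
        2>/dev/null || return 1

    # 2. The key ID is derived from the key itself. Read the full fingerprint
    #    from the machine-readable listing; the short ID that older gpg prints
    #    is its last 8 hex digits.
    fpr=$(gpg --homedir "$signer" --batch --with-colons --list-keys 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')

    # 3. Detached, armored signature, same form as the command quoted in the mail.
    gpg --homedir "$signer" --batch --quiet --pinentry-mode loopback --passphrase '' \
        -u "$fpr" --armor --output "$work/META.asc" --detach-sig "$work/META" || return 1

    # 4. A keyring without the signer's public key cannot check the signature:
    #    gpg reports NO_PUBKEY ("Can't check signature: No public key").
    if gpg --homedir "$verifier" --batch --status-fd 1 \
           --verify "$work/META.asc" "$work/META" 2>/dev/null | grep -q NO_PUBKEY
    then before=no-public-key; else before=unexpected; fi

    # 5. Import the public key, then verify again. "Good signature" only says the
    #    key matches; whether to trust the key depends on who has signed it.
    gpg --homedir "$signer" --batch --armor --export "$fpr" |
        gpg --homedir "$verifier" --batch --quiet --import 2>/dev/null
    if gpg --homedir "$verifier" --batch \
           --verify "$work/META.asc" "$work/META" 2>/dev/null
    then after=good; else after=bad; fi

    gpgconf --homedir "$signer" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    # Prints: no-public-key good 40  (a v4 fingerprint is 40 hex digits)
    echo "$before $after ${#fpr}"
}
# To run: demo_release_signing
```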
