Hi Kevin, On 3/25/13 11:04 AM, "Kevin Minder" <[email protected]> wrote:
>Chris or Devaraj, > >So I think I've done mostly everything required to prep for signing a >release, with one known exception. It looks like I'm also supposed to >upload my exported armored public key to either the git repository or >the site. Can you clarify the correct location. http://id.apache.org/ > >So other than this can one of you verify that I've followed the steps >correctly? I have a knox-0.2.0-SNAPSHOT-src.zip.asc that I can attached >to an email if that is appropriate. It seems like only the source >distribution is signed. Is that correct? If you're ready to call for a release, I would start a [DISCUSS] Apache Knox 0.2.0 (incubating) rc #1 email if there are things you want to discuss, and/or otherwise, feel free to call a [VOTE] with same subject (minus the [DISCUSS]) and then our formal reviews can count towards releasing what you build. Start it on [email protected], leave it open (if it's a VOTE) for at least 72 hours, and then let er' rip! Cheers, Chris > >Kevin. > >On 3/23/13 1:08 AM, Mattmann, Chris A (388J) wrote: >> Hi Kevin, >> >> On 3/21/13 2:42 PM, "Kevin Minder" <[email protected]> wrote: >> >>> Hi Everyone, >>> I just pushed changes that I hope are a step toward releasability. >>> Basically you can now use "ant release sign" to create signed release >>> artifacts. >>> It creates these files in target/0.2.0-SNAPSHOT or whatever the current >>> version is. >>> I'm still not sure about how the KEYS should be handled and that >>> probably needs to change. >>> KEYS >>> knox-0.2.0-SNAPSHOT-src.zip >>> knox-0.2.0-SNAPSHOT-src.zip.asc >>> knox-0.2.0-SNAPSHOT-src.zip.md5 >>> knox-0.2.0-SNAPSHOT-src.zip.sha >>> knox-0.2.0-SNAPSHOT.zip >>> knox-0.2.0-SNAPSHOT.zip.asc >>> knox-0.2.0-SNAPSHOT.zip.md5 >>> knox-0.2.0-SNAPSHOT.zip.sha >> For KEYS, see: >> >> http://www.apache.org/dev/release-signing.html >> >> http://httpd.apache.org/dev/verification.html >> >> >>> For "ant sign" to work you will need GNU Privacy Guard >>> (http://www.gnupg.org/) installed on your system and have generated RSA >>> 4096 bit keys. >>> The build.xml might need to be tweaked to run on systems other than a >>>mac. >>> You can run "ant release" without signing. >>> >>> Mentors, >>> What is the right way to go about testing this? >>> In addition I assume that we won't be using an untrusted key so who >>>will >>> actually create the release and stage? Devarj? >> You should add your key to id.apache.org. >> >> Then your ASC file (if it's not in the web of trust as RM), will work >> but just claim that it's a good key, but an untrusted one. That's fine. >> >> >>> I'll have to find a key signing party before I can do it. >> No you won't you're fine :) >> >>> It will also create an email like below in target/vote.txt >>>> From: [email protected] >>>> To: [email protected] >>>> Subject: [VOTE] Release Apache Knox (Incubator) 0.2.0-SNAPSHOT >>>> >>>> A candidate for the Apache Knox (Incubator) 0.2.0-SNAPSHOT release is >>>> available at: >>>> >>>> http://people.apache.org/~kminder/knox/0.2.0-SNAPSHOT/ >>>> >>>> The release candidate is a zip archive of the sources in: >>>> >>>> http://svn.apache.org/repos/asf/knox/tags/0.2.0-SNAPSHOT/ >>>> >>>> The SHA1 checksum of the archive is >>>> db8c567ce61df98e1ce7ecb17551e31d26ce6d94. >>>> >>>> Please vote on releasing this package as Apache Knox (Incubator) >>>> ${gateay-version}. >>>> The vote is open for the next 72 hours and passes if a majority of at >>>> least three +1 ${project-name} PMC votes are cast. >>>> >>>> [ ] +1 Release this package as Apache Knox (Incubator) 0.2.0-SNAPSHOT >>>> [ ] -1 Do not release this package because... >>> Lastly is outputs a reminder about how to stage the release. >>>> [echo] The release candidate has been prepared in: >>>> [echo] >>>> [echo] target/0.2.0-SNAPSHOT >>>> [echo] >>>> [echo] Please stage it to people.apache.org like this: >>>> [echo] >>>> [echo] scp -r target/0.2.0-SNAPSHOT >>>> people.apache.org:public_html/knox/ >>>> [echo] >>>> [echo] A release vote template has been generated here: >>>> [echo] >>>> [echo] file://target/vote.txt >> Awesome! >> >> Cheers, >> Chris >> >>> >>> >>> >>> Kevin. >
