Hey Chris,
Not ready yet. I'm just trying to figure out if I'm done with the key
setup for when we are. After this the final thing for me (I think) is
getting to the point where I think the LICENSE and NOTICE files are
correct. Then I will be starting a discussion about releasing.
Relative to my question below I'm trying to figure out what should be
done about the KEYS file as mentioned in the "The KEYS File" here.
http://www.apache.org/dev/release-signing.html#faq
From that doc this is an example of Ant's KEYS file
http://www.apache.org/dist/ant/KEYS
Where should this go?
Kevin.
On 3/25/13 2:19 PM, Mattmann, Chris A (388J) wrote:
Hi Kevin,
On 3/25/13 11:04 AM, "Kevin Minder" <[email protected]> wrote:
Chris or Devaraj,
So I think I've done mostly everything required to prep for signing a
release, with one known exception. It looks like I'm also supposed to
upload my exported armored public key to either the git repository or
the site. Can you clarify the correct location?
http://id.apache.org/
So other than this can one of you verify that I've followed the steps
correctly? I have a knox-0.2.0-SNAPSHOT-src.zip.asc that I can attach
to an email if that is appropriate. It seems like only the source
distribution is signed. Is that correct?
If you're ready to call for a release, I would start a [DISCUSS] Apache
Knox 0.2.0 (incubating) rc #1 email if there are things you want to
discuss, and/or otherwise, feel free to call a [VOTE] with same subject
(minus the [DISCUSS]) and then our formal reviews can count towards
releasing what you build.
Start it on [email protected], leave it open (if it's a VOTE) for at
least 72 hours, and then let er' rip!
Cheers,
Chris
Kevin.
On 3/23/13 1:08 AM, Mattmann, Chris A (388J) wrote:
Hi Kevin,
On 3/21/13 2:42 PM, "Kevin Minder" <[email protected]> wrote:
Hi Everyone,
I just pushed changes that I hope are a step toward releasability.
Basically you can now use "ant release sign" to create signed release
artifacts.
It creates these files in target/0.2.0-SNAPSHOT or whatever the current
version is.
I'm still not sure about how the KEYS should be handled and that
probably needs to change.
KEYS
knox-0.2.0-SNAPSHOT-src.zip
knox-0.2.0-SNAPSHOT-src.zip.asc
knox-0.2.0-SNAPSHOT-src.zip.md5
knox-0.2.0-SNAPSHOT-src.zip.sha
knox-0.2.0-SNAPSHOT.zip
knox-0.2.0-SNAPSHOT.zip.asc
knox-0.2.0-SNAPSHOT.zip.md5
knox-0.2.0-SNAPSHOT.zip.sha
For KEYS, see:
http://www.apache.org/dev/release-signing.html
http://httpd.apache.org/dev/verification.html
For "ant sign" to work you will need GNU Privacy Guard
(http://www.gnupg.org/) installed on your system and have generated RSA
4096 bit keys.
The build.xml might need to be tweaked to run on systems other than a
mac.
You can run "ant release" without signing.
Mentors,
What is the right way to go about testing this?
In addition I assume that we won't be using an untrusted key so who
will actually create the release and stage? Devaraj?
You should add your key to id.apache.org.
Then your ASC file (if it's not in the web of trust as RM), will work
but just claim that it's a good key, but an untrusted one. That's fine.
I'll have to find a key signing party before I can do it.
No you won't, you're fine :)
It will also create an email like below in target/vote.txt
From: [email protected]
To: [email protected]
Subject: [VOTE] Release Apache Knox (Incubator) 0.2.0-SNAPSHOT
A candidate for the Apache Knox (Incubator) 0.2.0-SNAPSHOT release is
available at:
http://people.apache.org/~kminder/knox/0.2.0-SNAPSHOT/
The release candidate is a zip archive of the sources in:
http://svn.apache.org/repos/asf/knox/tags/0.2.0-SNAPSHOT/
The SHA1 checksum of the archive is
db8c567ce61df98e1ce7ecb17551e31d26ce6d94.
Please vote on releasing this package as Apache Knox (Incubator)
${gateay-version}.
The vote is open for the next 72 hours and passes if a majority of at
least three +1 ${project-name} PMC votes are cast.
[ ] +1 Release this package as Apache Knox (Incubator) 0.2.0-SNAPSHOT
[ ] -1 Do not release this package because...
Lastly it outputs a reminder about how to stage the release.
[echo] The release candidate has been prepared in:
[echo]
[echo] target/0.2.0-SNAPSHOT
[echo]
[echo] Please stage it to people.apache.org like this:
[echo]
[echo] scp -r target/0.2.0-SNAPSHOT people.apache.org:public_html/knox/
[echo]
[echo] A release vote template has been generated here:
[echo]
[echo] file://target/vote.txt
Awesome!
Cheers,
Chris
Kevin.
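
A checker for the staged layout listed in the thread (each .zip with .asc, .md5 and .sha sidecars, plus a KEYS file), added here as an example and not part of the original messages or the Knox build. It assumes .sha holds a SHA-1 hex digest; `check_release_dir` and `build_sample` are hypothetical names, and the sample directory is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Sidecar suffix -> algorithm. Assumption: ".sha" holds a SHA-1 hex digest,
# matching the SHA1 checksum quoted in the vote template.
DIGESTS = {".md5": "md5", ".sha": "sha1"}

def check_release_dir(release_dir):
    """Return a list of problems found in a staged release directory."""
    root = Path(release_dir)
    problems = [] if (root / "KEYS").exists() else ["KEYS: missing"]
    for artifact in sorted(root.glob("*.zip")):
        data = artifact.read_bytes()
        for suffix, algo in DIGESTS.items():
            sidecar = root / (artifact.name + suffix)
            if not sidecar.exists():
                problems.append(f"{artifact.name}: missing {suffix}")
                continue
            # Accept "<hex>" or "<hex>  <filename>": compare the first token.
            tokens = sidecar.read_text().split()
            recorded = tokens[0].lower() if tokens else ""
            if recorded != hashlib.new(algo, data).hexdigest():
                problems.append(f"{artifact.name}: {suffix} mismatch")
        # Digests only catch corruption; the detached .asc signature is what
        # binds the artifact to a key published in KEYS.
        if not (root / (artifact.name + ".asc")).exists():
            problems.append(f"{artifact.name}: missing .asc")
    return problems

def build_sample(root):
    """Write a constructed release directory (dummy bytes, placeholder .asc)."""
    root = Path(root)
    (root / "KEYS").write_text("constructed placeholder, not a real key\n")
    for name in ("knox-0.2.0-SNAPSHOT-src.zip", "knox-0.2.0-SNAPSHOT.zip"):
        data = ("constructed bytes for " + name).encode()
        (root / name).write_bytes(data)
        (root / (name + ".md5")).write_text(hashlib.md5(data).hexdigest() + "\n")
        (root / (name + ".sha")).write_text(hashlib.sha1(data).hexdigest() + "  " + name + "\n")
        (root / (name + ".asc")).write_text("constructed placeholder signature\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(check_release_dir(tmp) or "layout and digests OK")
```

This covers layout and digests only; the signature itself is checked with `gpg --verify <file>.asc <file>` after importing the project's KEYS file.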