Hey Kevin, On 3/25/13 11:45 AM, "Kevin Minder" <[email protected]> wrote:
>Hey Chris, >Not ready yet. I'm just trying to figure out if I'm done with the key >setup for when we are. After this the final thing for me (I think) is >getting to the point where I think the LICENSE and NOTICE files are >correct. Then I will be starting a discussion about releasing. > >Relative to my question below I'm trying to figure out what should be >done about the KEYS file as mentioned in the "The KEYS File" here. >http://www.apache.org/dev/release-signing.html#faq > From that doc this is an example of Ant's KEYS file >http://www.apache.org/dist/ant/KEYS Gotcha! OK, that KEYS file should be uploaded to: minotaur.a.o:/www/www.apache.org/dist/incubator/knox Then it should appear at: http://www.apache.org/dist/incubator/knox/KEYS HTH! Cheers, Chris > >Where should this go? > >Kevin. > >On 3/25/13 2:19 PM, Mattmann, Chris A (388J) wrote: >> Hi Kevin, >> >> On 3/25/13 11:04 AM, "Kevin Minder" <[email protected]> >>wrote: >> >>> Chris or Devaraj, >>> >>> So I think I've done mostly everything required to prep for signing a >>> release, with one known exception. It looks like I'm also supposed to >>> upload my exported armored public key to either the git repository or >>> the site. Can you clarify the correct location. >> http://id.apache.org/ >> >>> So other than this can one of you verify that I've followed the steps >>> correctly? I have a knox-0.2.0-SNAPSHOT-src.zip.asc that I can >>>attached >>> to an email if that is appropriate. It seems like only the source >>> distribution is signed. Is that correct? >> If you're ready to call for a release, I would start a [DISCUSS] Apache >> Knox 0.2.0 (incubating) rc #1 >> email if there are things you want to discuss, and/or otherwise, feel >>free >> to call a [VOTE] >> with same subject (minus the [DISCUSS]) and then our formal reviews can >> count towards >> releasing what you build. >> >> Start it on [email protected], leave it open (if it's a >>VOTE) >> for at least >> 72 hours, and then let er' rip! >> >> Cheers, >> Chris >> >>> Kevin. >>> >>> On 3/23/13 1:08 AM, Mattmann, Chris A (388J) wrote: >>>> Hi Kevin, >>>> >>>> On 3/21/13 2:42 PM, "Kevin Minder" <[email protected]> >>>>wrote: >>>> >>>>> Hi Everyone, >>>>> I just pushed changes that I hope are a step toward releasability. >>>>> Basically you can now use "ant release sign" to create signed release >>>>> artifacts. >>>>> It creates these files in target/0.2.0-SNAPSHOT or whatever the >>>>>current >>>>> version is. >>>>> I'm still not sure about how the KEYS should be handled and that >>>>> probably needs to change. >>>>> KEYS >>>>> knox-0.2.0-SNAPSHOT-src.zip >>>>> knox-0.2.0-SNAPSHOT-src.zip.asc >>>>> knox-0.2.0-SNAPSHOT-src.zip.md5 >>>>> knox-0.2.0-SNAPSHOT-src.zip.sha >>>>> knox-0.2.0-SNAPSHOT.zip >>>>> knox-0.2.0-SNAPSHOT.zip.asc >>>>> knox-0.2.0-SNAPSHOT.zip.md5 >>>>> knox-0.2.0-SNAPSHOT.zip.sha >>>> For KEYS, see: >>>> >>>> http://www.apache.org/dev/release-signing.html >>>> >>>> http://httpd.apache.org/dev/verification.html >>>> >>>> >>>>> For "ant sign" to work you will need GNU Privacy Guard >>>>> (http://www.gnupg.org/) installed on your system and have generated >>>>>RSA >>>>> 4096 bit keys. >>>>> The build.xml might need to be tweaked to run on systems other than a >>>>> mac. >>>>> You can run "ant release" without signing. >>>>> >>>>> Mentors, >>>>> What is the right way to go about testing this? >>>>> In addition I assume that we won't be using an untrusted key so who >>>>> will >>>>> actually create the release and stage? Devarj? >>>> You should add your key to id.apache.org. >>>> >>>> Then your ASC file (if it's not in the web of trust as RM), will work >>>> but just claim that it's a good key, but an untrusted one. That's >>>>fine. >>>> >>>> >>>>> I'll have to find a key signing party before I can do it. >>>> No you won't you're fine :) >>>> >>>>> It will also create an email like below in target/vote.txt >>>>>> From: [email protected] >>>>>> To: [email protected] >>>>>> Subject: [VOTE] Release Apache Knox (Incubator) 0.2.0-SNAPSHOT >>>>>> >>>>>> A candidate for the Apache Knox (Incubator) 0.2.0-SNAPSHOT release >>>>>>is >>>>>> available at: >>>>>> >>>>>> http://people.apache.org/~kminder/knox/0.2.0-SNAPSHOT/ >>>>>> >>>>>> The release candidate is a zip archive of the sources in: >>>>>> >>>>>> http://svn.apache.org/repos/asf/knox/tags/0.2.0-SNAPSHOT/ >>>>>> >>>>>> The SHA1 checksum of the archive is >>>>>> db8c567ce61df98e1ce7ecb17551e31d26ce6d94. >>>>>> >>>>>> Please vote on releasing this package as Apache Knox (Incubator) >>>>>> ${gateay-version}. >>>>>> The vote is open for the next 72 hours and passes if a majority of >>>>>>at >>>>>> least three +1 ${project-name} PMC votes are cast. >>>>>> >>>>>> [ ] +1 Release this package as Apache Knox (Incubator) >>>>>>0.2.0-SNAPSHOT >>>>>> [ ] -1 Do not release this package because... >>>>> Lastly is outputs a reminder about how to stage the release. >>>>>> [echo] The release candidate has been prepared in: >>>>>> [echo] >>>>>> [echo] target/0.2.0-SNAPSHOT >>>>>> [echo] >>>>>> [echo] Please stage it to people.apache.org like this: >>>>>> [echo] >>>>>> [echo] scp -r target/0.2.0-SNAPSHOT >>>>>> people.apache.org:public_html/knox/ >>>>>> [echo] >>>>>> [echo] A release vote template has been generated here: >>>>>> [echo] >>>>>> [echo] file://target/vote.txt >>>> Awesome! >>>> >>>> Cheers, >>>> Chris >>>> >>>>> >>>>> >>>>> Kevin. >
