[
https://issues.apache.org/jira/browse/BEAM-8117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16919765#comment-16919765
]
Mark Liu commented on BEAM-8117:
--------------------------------
people should select 4096 bits key when executing `gpg --full-generate-key`
(one of the interactive question).
> Improve the preparation_before_release script
> ---------------------------------------------
>
> Key: BEAM-8117
> URL: https://issues.apache.org/jira/browse/BEAM-8117
> Project: Beam
> Issue Type: Sub-task
> Components: project-management
> Reporter: yifan zou
> Priority: Major
>
> * Setup GPG keys:
> * The preparation_before_release.sh interrupted. Git command failed when
> configuring git signing key.
> * It required a PMC to add the key in dev@ list, the script doesn’t really
> help.
> * Apache requires the key has at least 4096 bits, but script generates the
> 3072b key by default. There were a few options to select the size of the key,
> but there was no instruction indicates which option the release manager
> should choose.
> * *Solution*: I follow the Apache official [release signing
> guide|https://www.apache.org/dev/release-signing.html] to generate the RSA
> keys then asked a PMC member adding it to the dev and release key list.
> * Reference: [GPG Cheat Sheet|http://irtfweb.ifa.hawaii.edu/~lockhart/gpg/]
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
