cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thorsten Scherler <scher...@gmail.com>
Subject Re: [VOTE] Release Cocoon 2.1.12
Date Mon, 18 Mar 2013 10:47:32 GMT
On 03/16/2013 08:24 AM, David Crossley wrote:
> C├ędric Damioli wrote:
>> I've put the files at http://people.apache.org/~cdamioli/cocoon-2.1.12/
>>
>> Please check the files, build and run samples, and cast your votes.
> +1 from me for cocoon-2.1.12-src.tar.gz MD5 8f86915b851df0405fa52dbe249bd3da
>
> Thanks.
>
> There are some small things that can be fixed after this release.
> e.g. "Apache Software License" in deps/LICENSE.txt should be "Apache License".
>
> Your key should get signed by someone else.
>
> We could follow what Subversion does. The multiple signatures
> would assist with that issue.
> http://subversion.apache.org/docs/community-guide/releasing.html#tarball-signing
>
> Also i see that rather than using a static KEYS file,
> they link directly from their download page to the set of current keys.
>

Actually we used that before as I describe in:
> Now asc:
> wget https://people.apache.org/keys/group/cocoon.asc
>  gpg --import cocoon.asc
> gpg --verify cocoon-2.1.12-src.tar.gz.asc
> ~/src/apache/cocoon-2.1.12-src.tar.gz
> gpg: Signature made Thu 14 Mar 2013 03:31:26 PM CET using RSA key ID
> DD478570
> gpg: Can't check signature: public key not found
>
> For the release we need to add your key to the people group.
> gpg --import cocoon-2.1.12/KEYS
> that worked fine.

However the addition that more people sign the tar sounds nice and even
we can combine it the min 3 +1 so at least three people should sign the
release.

salu2

-- 
Thorsten Scherler <scherler.at.gmail.com>
codeBusters S.L. - web based systems
<consulting, training and solutions>

http://www.codebusters.es/


Mime
View raw message