commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henri Yandell" <flame...@gmail.com>
Subject Re: [all] MD5 and PGP generation [Was: [feedparser] News / Status]
Date Thu, 02 Mar 2006 22:03:16 GMT
Yeah, running it isn't really the problem. Managing the key when you
don't use it for email is the bit that got painful.

We're not supposed to be using the pgp on minotaur; so my TODO is to
figure out how to get my key off of there, hope I still know the
passphrase, come up with some kind of more-secure-than-minotaur
machine to put it on (really not sure where I'd put it) and get things
started there.

I know - I'm being lame :)

Hen

On 3/2/06, Phil Steitz <phil.steitz@gmail.com> wrote:
> Yep, and if you are really lazy and have a command shell available, you can use
> the scripts referenced here to do the signing, verify the sigs and
> create the symlinks:
> http://jakarta.apache.org/commons/releases/release.html#16%20Miscellaneous
>
> Phil
>
> On 3/2/06, sebb <sebbaz@gmail.com> wrote:
> > Here's an Ant target we use in JMeter for creating MD5 checksums:
> >
> > <!--
> >    Utility target to create MD5 checksums in standard format (with *filename)
> >    Usage:
> >   <antcall target="_md5">
> >       <param name="path" value="${dist.dir}/${dist.name}_src.tar"/>
> >   </antcall>
> > -->
> > <target name="_md5" unless="md5.skip">
> >    <echo message="Creating MD5 for ${path}"/>
> >    <basename property="_base" file="${path}"/>
> >    <checksum file="${path}" property="md5"/>
> >    <echo message="${md5} *${_base}" file="${path}.md5"/>
> > </target>
> >
> > Creating a PGP key is as simple as:
> >
> >      $ gpg -ba file
> >
> > or using the verbose flags:
> >
> >      $ gpg --armor --output foo.tar.gz.asc --detach-sig foo.tar.gz
> >
> > once you have installed GnuPG (which is not all that difficult)
> >
> > See: http://www.apache.org/dev/release-signing.html
> >
> > S.
> > On 02/03/06, Henri Yandell <flamefew@gmail.com> wrote:
> > > md5 bit is easy, given a command line. It's also easy to write Java
> > > for, and I suspect Maven 2 will easily be doing that for us.
> > >
> > > PGP is the thing that stops me doing releases. I accept that it's
> > > important, but that hasn't helped me grokk how to do it.
> > >
> > > Hen
> > >
> > > On 3/2/06, James Carman <james@carmanconsulting.com> wrote:
> > > > I would have to agree that the release process is a bit daunting.  That's
> > > > why I haven't released Commons Proxy 1.0 yet.  I really don't know how
to do
> > > > all of that stuff on the release preparation document (md5 signatures
and
> > > > the like).
> > > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: commons-dev-help@jakarta.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message