couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Couchdb Wiki] Update of "Release_Procedure" by NoahSlater
Date Mon, 04 Mar 2013 21:39:00 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The "Release_Procedure" page has been changed by NoahSlater:
http://wiki.apache.org/couchdb/Release_Procedure?action=diff&rev1=146&rev2=147

  
  All other parts of this process must be done on your local machine. 
  
+ = Checking the Release =
+ 
+ Assume that you cannot trust:
+ 
+  * The source code the archive was built from.
+  * The host operating system the archive was built on.
+ 
+ An attacker may have compromised either.
+ 
+ Accordingly, you should subject the release candidate to a number of your own tests.
+ 
+ Some ideas:
+ 
+  * Verify the contents of the generated files.
+  * Audit the types of file contained within the archive.
+  * Run a virus or exploit scanner on the archive.
+ 
  = Release Signing =
  
  You will need a GPG key pair to sign the release.

Mime
View raw message