poi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Burch <apa...@gagravarr.org>
Subject Re: help with publishing 3.10-beta2 to maven
Date Fri, 06 Sep 2013 18:14:22 GMT
On Fri, 6 Sep 2013, Allison, Timothy B. wrote:
> Log-in on people.apache.org
>
> deploy Maven artifacts
>
> {code}
> cd build/dist
> ./mvn-deploy.sh
> {code}
>
>>> According to mvn-deploy.sh, I have to have a link to my private key 
>>> and enter my passphrase in the clear in xml on the people.apache.org 
>>> server.  Is this my pgp/gpg signing key or a different key?  If pgp, 
>>> doesn't this conflict with guidance of key security from Apache?  If 
>>> not, apologies for my denseness.

I think you can do that step on your local machine, not on 
people.apache.org . That way, your gpg key remains safe on your local box 
not shared

The artifacts, once signed, get pushed via people.apache.org, but I don't 
think the script should be run there

> 2. Make sure that the files are owned by the unix group apcvs and that 
> they are writable by this group.

That should be "unix group poi"

Nick

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org


Mime
View raw message