quickstep-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Spehlmann <spehl.apa...@gmail.com>
Subject Release Signing
Date Tue, 31 Jan 2017 23:35:32 GMT
One of the steps that must take place before releasing a release tarball is
to have the release managers digitally sign the tarball.

Hakan, Jignesh, Harshad I think you all are the release managers. Please
follow this guide

http://quickstep.apache.org/release-signing/

to
1) create a key pair
2) upload the public key to a public keyserver
3) (bonus for now) add the public key to a KEYS file in the root of
quickstep.

When the release tarball is ready, we can sign it.

To be fair, I'm not totally sure how this works because it seems to me that
everyone has to sign the release with their private key, meaning that it
must be uploaded to each PC where the private key is held, then signed?
That seems cumbersome.

Anyways, steps 1,2 are straightforward and need to be done before we
resolve that last problem.

Cheers,
Marc

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message