www-release-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Noah Slater <nsla...@apache.org>
Subject Re: Release process tooling
Date Sun, 25 Jul 2010 11:13:22 GMT
For CouchDB:

On 22 Jul 2010, at 19:37, Hyrum K. Wright wrote:

> * RM creates artifact(s)
> * RM signs the artifact(s)

Running `make distsign` does this for me.

> * RM registers the artifact(s) using a script on {people,dist,?}.apache.org

I use `scp` for this, once I have tested the artefact locally.

> * PMC members go to a webapp to download the artifact(s)
> * offline, the PMC members verify and sign the artifact(s)
> * PMC members then upload signatures through the webapp
> * webapp verifies:
>    a) the signature is valid
>    b) the signer is authorized to sign the artifact(s) (i.e., is a
> member of the PMC)
> * RM retrieves the signatures via script or webapp

I am the only one signing the artefact at the moment.

> * RM can then run script to promote the artifact(s), with signatures
> and hashes, to the distribution area

I have `rsync` in a script called `release.sh` on p.a.o that does this.

View raw message