You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@nuttx.apache.org by Gregory Nutt <sp...@gmail.com> on 2019/12/18 02:31:13 UTC
Apache Account Setup
PPMC members have Apache email addresses. Mine is gnutt@apache.org for
example. I stumbled across this account configuration utility:
https://id.apache.org/ You can use that to setup your forwarding
address (and your github name) . I see some PPMC people already know
this. There is information here on how to setup gmail to send from your
apache.org email using a gmail account.
Re: Apache Account Setup
Posted by Alan Carvalho de Assis <ac...@gmail.com>.
Hi Nathan,
On 12/18/19, Nathan Hartman <ha...@gmail.com> wrote:
> On Wed, Dec 18, 2019 at 5:24 AM Alan Carvalho de Assis <ac...@gmail.com>
> wrote:
>
> Thank you Greg!
>>
>> I saw the option to send the SSH keys, so I suppose we will need to fill
>> it
>> later (for those who didn't it yet).
>
>
> Also if you do not have your PGP keys yet, you should do that soon. These
> are needed for cryptographically signing releases. Several people need to
> sign each release in order to release it.
>
> See:
>
> https://www.apache.org/dev/new-committers-guide.html#set-up-security-and-pgp-keys
>
> and the more detailed document here:
>
> https://www.apache.org/dev/release-signing.html
>
Thank you very much!
I'll submit it.
BR,
Alan
Apache download mirrors [was Re: Apache Account Setup]
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
> Will the release artifacts go into SVN at dist.apache.org? Or are git-based
> projects released differently?
They need to be placed their, putting them there means they get distributed to Apache mirrors sites [1] allowing easy access from allover the world. It usually take about 24 hours.
Thanks,
Justin
1. https://www.apache.org/mirrors/
Re: Apache Account Setup
Posted by Nathan Hartman <ha...@gmail.com>.
On Wed, Dec 18, 2019 at 4:21 PM Justin Mclean <ju...@classsoftware.com>
wrote:
> Hi,
>
> Forgive me for top posting.
>
> Some things that may help:
> - Unusually release are only signed by the RM (but you can have others
> sign it as well)
> - It’s best to use your apache email address (but it’s not required)
> - A key signing party is a good idea
> - Emails don’t have to be signed (although some projects sign announce
> emails)
> - Signatures go into a KEYS file so people can verify the release artefacts
Will the release artifacts go into SVN at dist.apache.org? Or are git-based
projects released differently?
Thanks,
Nathan
Re: Apache Account Setup
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
Forgive me for top posting.
Some things that may help:
- Unusually release are only signed by the RM (but you can have others sign it as well)
- It’s best to use your apache email address (but it’s not required)
- A key signing party is a good idea
- Emails don’t have to be signed (although some projects sign announce emails)
- Signatures go into a KEYS file so people can verify the release artefacts
Thanks,
Justin
Re: Apache Account Setup
Posted by Nathan Hartman <ha...@gmail.com>.
On Wed, Dec 18, 2019 at 11:25 AM Gregory Nutt <sp...@gmail.com> wrote:
>
>
> > I don't think there's a need to sign emails.
> >
> > We just sign the release tarballs and those signatures go into a .sig
> > file that people can download and use to verify the tarballs.
>
> Thanks... I obviously don't know what I am going. Just following
> through Apache checklists as I run across them.
Don't worry. It is a little bit of a labyrinth out there. I'm still
learning my way around too. We'll just struggle through until we're
experts.
Re: Apache Account Setup
Posted by Gregory Nutt <sp...@gmail.com>.
> I don't think there's a need to sign emails.
>
> We just sign the release tarballs and those signatures go into a .sig
> file that people can download and use to verify the tarballs.
Thanks... I obviously don't know what I am going. Just following
through Apache checklists as I run across them.
Greg
Re: Apache Account Setup
Posted by Nathan Hartman <ha...@gmail.com>.
On Wed, Dec 18, 2019 at 10:35 AM Gregory Nutt <sp...@gmail.com> wrote:
> These are Windows computers. My key was created by gpg from the Cygwin
> command line. Do I need to copy this into Windows application data for
> use by a mailer? I use Thunderbird and I am not sure where that would go.
I don't think there's a need to sign emails.
We just sign the release tarballs and those signatures go into a .sig
file that people can download and use to verify the tarballs.
Re: Apache Account Setup
Posted by Gregory Nutt <sp...@gmail.com>.
Anotherdumb question...
I have multiple computers and do (work other than just testing) on two:
A desktop and a laptop. I presume that these should have the same key
and that I can just copy .gnupg to that they have the same signing key.
These are Windows computers. My key was created by gpg from the Cygwin
command line. Do I need to copy this into Windows application data for
use by a mailer? I use Thunderbird and I am not sure where that would go.
My laptop runs MSYS2, but I think it is basically the same story.
Greg
Re: Apache Account Setup
Posted by Nathan Hartman <ha...@gmail.com>.
On Wed, Dec 18, 2019 at 9:39 AM Abdelatif Guettouche <
abdelatif.guettouche@gmail.com> wrote:
> Yes they recommend the key to be with an @apache.org email.
> But we can add an email to an existing key.
>
> gpg --edit-key <original email or key id>
>
> We then can add an new email through the gpg cli and upload it when we're
> done.
Could we have a key signing party at NuttX 2020?
Re: Apache Account Setup
Posted by Abdelatif Guettouche <ab...@gmail.com>.
Yes they recommend the key to be with an @apache.org email.
But we can add an email to an existing key.
gpg --edit-key <original email or key id>
We then can add an new email through the gpg cli and upload it when we're done.
On Wed, Dec 18, 2019 at 2:12 PM Gregory Nutt <sp...@gmail.com> wrote:
>
>
> >> I saw the option to send the SSH keys, so I suppose we will need to fill it
> >> later (for those who didn't it yet).
> > Also if you do not have your PGP keys yet, you should do that soon. These
> > are needed for cryptographically signing releases. Several people need to
> > sign each release in order to release it.
> >
> > See:
> >
> > https://www.apache.org/dev/new-committers-guide.html#set-up-security-and-pgp-keys
> >
> > and the more detailed document here:
> >
> > https://www.apache.org/dev/release-signing.html
>
> I assume that this should be the <apache ID>@apache.org?
>
> Then if we have existing keys all we should have to do is:
>
> |gpg --edit-key <apache ID>@apache.org|
>
> |Right?|
>
> |Greg
> |
>
> ||
>
Re: Apache Account Setup
Posted by Gregory Nutt <sp...@gmail.com>.
>> I saw the option to send the SSH keys, so I suppose we will need to fill it
>> later (for those who didn't it yet).
> Also if you do not have your PGP keys yet, you should do that soon. These
> are needed for cryptographically signing releases. Several people need to
> sign each release in order to release it.
>
> See:
>
> https://www.apache.org/dev/new-committers-guide.html#set-up-security-and-pgp-keys
>
> and the more detailed document here:
>
> https://www.apache.org/dev/release-signing.html
I assume that this should be the <apache ID>@apache.org?
Then if we have existing keys all we should have to do is:
|gpg --edit-key <apache ID>@apache.org|
|Right?|
|Greg
|
||
Re: Apache Account Setup
Posted by Nathan Hartman <ha...@gmail.com>.
On Wed, Dec 18, 2019 at 5:24 AM Alan Carvalho de Assis <ac...@gmail.com>
wrote:
Thank you Greg!
>
> I saw the option to send the SSH keys, so I suppose we will need to fill it
> later (for those who didn't it yet).
Also if you do not have your PGP keys yet, you should do that soon. These
are needed for cryptographically signing releases. Several people need to
sign each release in order to release it.
See:
https://www.apache.org/dev/new-committers-guide.html#set-up-security-and-pgp-keys
and the more detailed document here:
https://www.apache.org/dev/release-signing.html
Nathan
Re: Apache Account Setup
Posted by Alan Carvalho de Assis <ac...@gmail.com>.
Thank you Greg!
I saw the option to send the SSH keys, so I suppose we will need to fill it
later (for those who didn't it yet).
BR,
Alan
On Tuesday, December 17, 2019, Gregory Nutt <sp...@gmail.com> wrote:
> PPMC members have Apache email addresses. Mine is gnutt@apache.org for
example. I stumbled across this account configuration utility:
https://id.apache.org/ You can use that to setup your forwarding address
(and your github name) . I see some PPMC people already know this. There
is information here on how to setup gmail to send from your apache.org
email using a gmail account.
>
>