You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@submarine.apache.org by GitBox <gi...@apache.org> on 2020/06/20 15:14:55 UTC
[GitHub] [submarine] jiwq opened a new pull request #320: SUBMARINE-538. Update the preparation content in release doc
jiwq opened a new pull request #320:
URL: https://github.com/apache/submarine/pull/320
### What is this PR for?
* Should use `--send-keys` command to send keys to keyserver.
* Simplify the process to update the KEYS into the official dist repo
### What type of PR is it?
[Bug Fix]
### Todos
### What is the Jira issue?
https://issues.apache.org/jira/browse/SUBMARINE-538
### How should this be tested?
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [submarine] tangzhankun commented on pull request #320: SUBMARINE-538. Update the preparation content in release doc
Posted by GitBox <gi...@apache.org>.
tangzhankun commented on pull request #320:
URL: https://github.com/apache/submarine/pull/320#issuecomment-647274014
@jiwq @pingsutw , one thing I missed in the document is the committer's key needs to be signed by a PMC whose key is already in the KEYS file.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [submarine] tangzhankun edited a comment on pull request #320: SUBMARINE-538. Update the preparation content in release doc
Posted by GitBox <gi...@apache.org>.
tangzhankun edited a comment on pull request #320:
URL: https://github.com/apache/submarine/pull/320#issuecomment-647274014
@jiwq @pingsutw , one thing I missed in the document is the committer's key needs to be signed by a PMC whose key is already in the KEYS file.
https://infra.apache.org/release-signing.html#link-into-wot
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [submarine] tangzhankun commented on a change in pull request #320: SUBMARINE-538. Update the preparation content in release doc
Posted by GitBox <gi...@apache.org>.
tangzhankun commented on a change in pull request #320:
URL: https://github.com/apache/submarine/pull/320#discussion_r443308122
##########
File path: dev-support/cicd/HowToRelease.md
##########
@@ -6,20 +6,19 @@ If you have not already done so, generate your PGP key and append your [signing
End users use the KEYS file to validate that releases were done by an Apache committer.
```
-# generate key and upload to the public
+# generate key and send keys to a keyserver
gpg --gen-key
gpg --list-sigs <your name>
-gpg --keyserver pgp.mit.edu --send-key <your publish key RSA string like B3097AC in the above cmd output>
+gpg --keyserver pgp.mit.edu --send-keys <your publish key RSA string like B3097AC in the above cmd output>
gpg --refresh-keys --keyserver pgp.mit.edu
-# adding your key to submarine KEYS
-gpg --list-sigs <your name> >> ~/key.txt
-gpg --armor --export <your name> >> ~/key.txt
+
+# adding your key to the submarine KEYS
svn co --depth immediates https://dist.apache.org/repos/dist apache-dist
cd apache-dist
svn update --set-depth infinity release/submarine
cd release/submarine
-echo ~/key.txt >> KEYS
-svn add KEYS
+gpg --fingerprint <your name> >> KEYS
Review comment:
@jiwq , one question, why change to "fingerprint"?
```
$ gpg --list-sigs ztang
pub rsa2048 2019-05-29 [SC] [expires: 2021-05-28]
4B3097ACE9D46117F0C4FC2BF82CBAEEEC87F784
uid [ultimate] Zhankun Tang <zt...@apache.org>
sig 3 F82CBAEEEC87F784 2019-05-29 Zhankun Tang <zt...@apache.org>
sig F4313315266526CB 2019-05-29 Sunil Govindan (CODE SIGNING KEY) <su...@apache.org>
sub rsa2048 2019-05-29 [E] [expires: 2021-05-28]
sig F82CBAEEEC87F784 2019-05-29 Zhankun Tang <zt...@apache.org>
$ gpg --fingerprint ztang
pub rsa2048 2019-05-29 [SC] [expires: 2021-05-28]
4B30 97AC E9D4 6117 F0C4 FC2B F82C BAEE EC87 F784
uid [ultimate] Zhankun Tang <zt...@apache.org>
sub rsa2048 2019-05-29 [E] [expires: 2021-05-28]
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [submarine] tangzhankun edited a comment on pull request #320: SUBMARINE-538. Update the preparation content in release doc
Posted by GitBox <gi...@apache.org>.
tangzhankun edited a comment on pull request #320:
URL: https://github.com/apache/submarine/pull/320#issuecomment-647274014
@jiwq @pingsutw , one thing I missed in the document is the committer's key needs to be signed by a PMC whose key is already in the KEYS file.
https://infra.apache.org/release-signing.html#link-into-wot
https://infra.apache.org/openpgp.html#wot-verifying-links
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [submarine] tangzhankun commented on pull request #320: SUBMARINE-538. Update the preparation content in release doc
Posted by GitBox <gi...@apache.org>.
tangzhankun commented on pull request #320:
URL: https://github.com/apache/submarine/pull/320#issuecomment-675202281
@jiwq Thanks for the contribution! It looks good to me. One question, do we also need to add the guide for releasing the Python SDK?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [submarine] jiwq commented on pull request #320: SUBMARINE-538. Update the preparation content in release doc
Posted by GitBox <gi...@apache.org>.
jiwq commented on pull request #320:
URL: https://github.com/apache/submarine/pull/320#issuecomment-680376882
> @jiwq Thanks for the contribution! It looks good to me. One question, do we also need to add the guide for releasing the Python SDK?
Yes. I'm working to develop the automatic release tool and write the docs. Will commit if no more comments.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [submarine] jiwq commented on pull request #320: SUBMARINE-538. Update the preparation content in release doc
Posted by GitBox <gi...@apache.org>.
jiwq commented on pull request #320:
URL: https://github.com/apache/submarine/pull/320#issuecomment-671446842
@tangzhankun Please help to review. I think we need the other PR to improve the docker images building.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [submarine] asfgit closed pull request #320: SUBMARINE-538. Update the preparation content in release doc
Posted by GitBox <gi...@apache.org>.
asfgit closed pull request #320:
URL: https://github.com/apache/submarine/pull/320
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org