You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dubbo.apache.org by ki...@apache.org on 2019/11/07 02:54:28 UTC
[dubbo-website] branch master updated: add config fingerprint in
release guide (#509)
This is an automated email from the ASF dual-hosted git repository.
kirito pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/dubbo-website.git
The following commit(s) were added to refs/heads/master by this push:
new c38d2c7 add config fingerprint in release guide (#509)
c38d2c7 is described below
commit c38d2c7e9679f1c0f142c7663c5d25e3df216689
Author: 望哥 <ge...@163.com>
AuthorDate: Thu Nov 7 10:54:21 2019 +0800
add config fingerprint in release guide (#509)
---
docs/en-us/developers/committer-guide/release-guide_dev.md | 12 ++++++++++++
docs/zh-cn/developers/committer-guide/release-guide_dev.md | 13 +++++++++++++
2 files changed, 25 insertions(+)
diff --git a/docs/en-us/developers/committer-guide/release-guide_dev.md b/docs/en-us/developers/committer-guide/release-guide_dev.md
index d5f7422..43db8c5 100644
--- a/docs/en-us/developers/committer-guide/release-guide_dev.md
+++ b/docs/en-us/developers/committer-guide/release-guide_dev.md
@@ -109,6 +109,18 @@ Mainly including the related preparation of signature utilities and Maven reposi
$ gpg --delete-keys 1808C6444C781C0AEA0AAD4C4D6A8007D20DB8A4
```
+
+ - config your fingerprint.
+ ```sh
+ ### Show fingerprint info:
+ $ gpg --fingerprint liujun
+ pub rsa4096 2019-10-17 [SC]
+ 1376 A2FF 67E4 C477 5739 09BD 7DB6 8550 D366 E4C0
+ uid [ultimate] liujun (CODE SIGNING KEY) <li...@apache.org>
+ sub rsa4096 2019-10-17 [E]
+ ```
+ Save the fingerprint, as above `1376 A2FF 67E4 C477 5739 09BD 7DB6 8550 D366 E4C0`,
+ to the field `OpenPGP Public Key Primary Fingerprint` in you profile page at https://id.apache.org.
3. Set up Apache central repository.
diff --git a/docs/zh-cn/developers/committer-guide/release-guide_dev.md b/docs/zh-cn/developers/committer-guide/release-guide_dev.md
index e128a15..a31d021 100644
--- a/docs/zh-cn/developers/committer-guide/release-guide_dev.md
+++ b/docs/zh-cn/developers/committer-guide/release-guide_dev.md
@@ -98,6 +98,19 @@ $ gpg --delete-keys 1808C6444C781C0AEA0AAD4C4D6A8007D20DB8A4
> PS: 最新版本经过实测,本地没有gpg.conf这个文件,因此如果在执行过程中遇到签名失败,可以参考这个文章:https://blog.csdn.net/wenbo20182/article/details/72850810 或 https://d.sb/2016/11/gpg-inappropriate-ioctl-for-device-errors
+由于公钥服务器没有检查机制,任何人都可以用你的名义上传公钥,所以没有办法保证服务器上的公钥的可靠性。
+通常,你可以在网站上公布一个公钥指纹,让其他人核对下载到的公钥是否为真。
+```sh
+# fingerprint参数生成公钥指纹:
+$ gpg --fingerprint liujun
+pub rsa4096 2019-10-17 [SC]
+ 1376 A2FF 67E4 C477 5739 09BD 7DB6 8550 D366 E4C0
+uid [ultimate] liujun (CODE SIGNING KEY) <li...@apache.org>
+sub rsa4096 2019-10-17 [E]
+```
+登录 https://id.apache.org, 将上面的 fingerprint (即 1376 A2FF 67E4 C477 5739 09BD 7DB6 8550 D366 E4C0)
+粘贴到自己的用户信息中 OpenPGP Public Key Primary Fingerprint
+
### 设置Apache中央仓库
Dubbo项目的父pom为Apache pom(2.7.0以上版本需要,2.6.x发布版本不需要此操作)