You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by da...@apache.org on 2012/12/13 13:33:13 UTC
svn commit: r1421250 -
/subversion/site/publish/docs/community-guide/releasing.part.html
Author: danielsh
Date: Thu Dec 13 12:33:12 2012
New Revision: 1421250
URL: http://svn.apache.org/viewvc?rev=1421250&view=rev
Log:
Document 'release.py get-keys'.
* docs/community-guide/releasing.part.html
(#tarball-signing): Document the 'get-keys' and 'check-sigs' subcommands,
and add a missing </p> tag.
Modified:
subversion/site/publish/docs/community-guide/releasing.part.html
Modified: subversion/site/publish/docs/community-guide/releasing.part.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/docs/community-guide/releasing.part.html?rev=1421250&r1=1421249&r2=1421250&view=diff
==============================================================================
--- subversion/site/publish/docs/community-guide/releasing.part.html (original)
+++ subversion/site/publish/docs/community-guide/releasing.part.html Thu Dec 13 12:33:12 2012
@@ -919,8 +919,16 @@ the bindings.</p>
<p>To obtain the release candidate, check out a working copy of
<a href="https://dist.apache.org/repos/dist/dev/subversion"
>https://dist.apache.org/repos/dist/dev/subversion</a>.
+Verify the release manager's PGP signatures on the tarballs. release.py
+automates this step:
+<pre>
+ release.py get-keys
+ release.py check-sigs 1.7.8 --target /path/to/dist/working/copy
+</pre>
+</p>
-<p>After having extracted and tested the tarball, you should sign by creating
+<p>After having verified, extracted, and tested the tarball,
+you should sign by creating
an armored detached signature using <a href="http://www.gnupg.org">gpg</a>.
To append your signature to a .asc file, use a command like:</p>
<pre>