You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@subversion.apache.org by da...@apache.org on 2012/12/13 13:33:13 UTC

svn commit: r1421250 - /subversion/site/publish/docs/community-guide/releasing.part.html

Author: danielsh
Date: Thu Dec 13 12:33:12 2012
New Revision: 1421250

URL: http://svn.apache.org/viewvc?rev=1421250&view=rev
Log:
Document 'release.py get-keys'.

* docs/community-guide/releasing.part.html
  (#tarball-signing): Document the 'get-keys' and 'check-sigs' subcommands, 
    and add a missing </p> tag.

Modified:
    subversion/site/publish/docs/community-guide/releasing.part.html

Modified: subversion/site/publish/docs/community-guide/releasing.part.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/docs/community-guide/releasing.part.html?rev=1421250&r1=1421249&r2=1421250&view=diff
==============================================================================
--- subversion/site/publish/docs/community-guide/releasing.part.html (original)
+++ subversion/site/publish/docs/community-guide/releasing.part.html Thu Dec 13 12:33:12 2012
@@ -919,8 +919,16 @@ the bindings.</p>
 <p>To obtain the release candidate, check out a working copy of
 <a href="https://dist.apache.org/repos/dist/dev/subversion"
 >https://dist.apache.org/repos/dist/dev/subversion</a>.
+Verify the release manager's PGP signatures on the tarballs.  release.py
+automates this step:
+<pre>
+    release.py get-keys
+    release.py check-sigs 1.7.8 --target /path/to/dist/working/copy
+</pre>
+</p>
 
-<p>After having extracted and tested the tarball, you should sign by creating
+<p>After having verified, extracted, and tested the tarball,
+you should sign by creating
 an armored detached signature using <a href="http://www.gnupg.org">gpg</a>.
 To append your signature to a .asc file, use a command like:</p>
 <pre>