You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by ju...@apache.org on 2019/07/23 11:46:34 UTC
svn commit: r1863627 -
/subversion/site/publish/docs/community-guide/releasing.part.html
Author: julianfoad
Date: Tue Jul 23 11:46:33 2019
New Revision: 1863627
URL: http://svn.apache.org/viewvc?rev=1863627&view=rev
Log:
* publish/docs/community-guide/releasing.part.html (tarball-signing):
Add sub-headings and format the requirements as a list, for clarity.
Modified:
subversion/site/publish/docs/community-guide/releasing.part.html
Modified: subversion/site/publish/docs/community-guide/releasing.part.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/docs/community-guide/releasing.part.html?rev=1863627&r1=1863626&r2=1863627&view=diff
==============================================================================
--- subversion/site/publish/docs/community-guide/releasing.part.html (original)
+++ subversion/site/publish/docs/community-guide/releasing.part.html Tue Jul 23 11:46:33 2019
@@ -956,6 +956,12 @@ the dev@ list.</p>
title="Link to this section">¶</a>
</h3>
+<div class="h4" id="releasing-signing-why">
+<h4>Why releases are signed
+ <a class="sectionlink" href="<!--#echo var="GUIDE_RELEASING_PAGE" -->#releasing-signing-why"
+ title="Link to this section">¶</a>
+</h4>
+
<p>Because Subversion releases are distributed through the
<a href="https://www.apache.org/dev/mirrors.html">ASF mirror network</a>, it
is important that end-users be able to verify the authenticity of the source
@@ -969,6 +975,31 @@ signatures are done using each committer
published with the release so that end users can verify the integrity of the
downloaded packages.</p>
+</div> <!-- release-signing-why -->
+
+<div class="h4" id="releasing-votes">
+<h4>Voting and signing requirements
+ <a class="sectionlink" href="<!--#echo var="GUIDE_RELEASING_PAGE" -->#releasing-votes"
+ title="Link to this section">¶</a>
+</h4>
+
+<p>Before a Subversion release is officially made public, it requires:</p>
+<ul>
+ <li>three +1 votes from members of the Subversion PMC
+ [<a href="https://www.apache.org/legal/release-policy.html#release-approval">ASF policy</a>]</li>, and
+ <li>testing and signatures from at least one PMC member on
+ <em>each</em> of the major platforms we support: Windows and *nix
+ [project policy]</li>
+</ul>
+
+</div> <!-- release-votes -->
+
+<div class="h4" id="releasing-signing-how">
+<h4>How to sign a release
+ <a class="sectionlink" href="<!--#echo var="GUIDE_RELEASING_PAGE" -->#releasing-signing-how"
+ title="Link to this section">¶</a>
+</h4>
+
<p>When creating the initial set of tarballs, the release manager will also
create the first set of signatures. While the tarballs themselves may be
built on <tt>people.apache.org</tt>, it is important that the signatures are
@@ -978,10 +1009,7 @@ signing the tarballs (using the process
upload the signatures to the preliminary distribution location, and place them
in the same directory as the tarballs.</p>
-<p>Before a release is officially made public, it must receive three +1 votes
-from members of the Subversion PMC. In addition, as a matter of project
-policy, we require testing and signatures from at least one PMC member on
-<em>each</em> of the major platforms we support: Windows and *nix.
+<p>
Members of the PMC, as well as enthusiastic community members are encourages to
download the tarballs from the preliminary distribution location, run the
tests, and then provide their signatures. The public keys for these signatures
@@ -1048,6 +1076,8 @@ the file signature is wrong, or the file
well be the case that you don't have an identical gzip version as the release
manager.</p>
+</div> <!-- release-signing-how -->
+
</div> <!-- tarball-signing -->
<div class="h3" id="releasing-release">