Posted to issues@openwhisk.apache.org by GitBox <gi...@apache.org> on 2021/03/11 00:48:43 UTC

[GitHub] [openwhisk-release] mrutkows opened a new pull request #379: Refine release manager pre-reqs and instructions

mrutkows opened a new pull request #379:
URL: https://github.com/apache/openwhisk-release/pull/379


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [openwhisk-release] rabbah commented on a change in pull request #379: Refine release manager pre-reqs and instructions

Posted by GitBox <gi...@apache.org>.
rabbah commented on a change in pull request #379:
URL: https://github.com/apache/openwhisk-release/pull/379#discussion_r592034870



##########
File path: docs/release_manager_setup.md
##########
@@ -45,48 +45,82 @@ avoid accidental commits of generated artifacts.
 
 ## Get a local svn checkout of our distribution directories
 
-The Apache distribution servers are managed by committing/removing
-files from project-specific directory trees in an svn repository.
-
-You can run the script [tools/checkout_svn.sh](../tools/checkout_svn.sh)
-to create a local checkout of these repositories at the path expected
-by the rest of the scripts.
+The Apache distribution servers are managed by committing/removing files from project-specific directory trees in an svn repository.
 
+You can run the script [tools/checkout_svn.sh](../tools/checkout_svn.sh) to create a local checkout of these repositories at the path expected by the rest of the scripts.
 
-## Signing Keys 
+## Signing Keys
 
-All release artifacts are accompanied by cryptographic signatures
-according to Apache release policy.
+All release artifacts are accompanied by cryptographic signatures according to Apache release policy.
 
 ### Create a PGP key pair
 
-You will need a PGP key pair. The key must have your
-username@apache.org as one of its associated user ids.
+You will need a PGP key pair. The key must have your username@apache.org as one of its associated user ids.
 
-See https://www.apache.org/dev/release-signing.html for the technical
-requirements for your signing key and instructions on creating one if
-you don't already have an acceptable one.
+See https://www.apache.org/dev/release-signing.html for the technical requirements for your signing key and instructions on creating one if you don't already have an acceptable one.
 
 Currently ASF recommends using a 4096 bit RSA key to sign releases.
 
-### Publish your public key to the project KEYS file.
+### Publish your public key to the project KEYS file
+
+The KEYS file is a plain-text file containing the public key signatures of the release managers (and optionally other committers) for the project.
+
+Each signature in the KEYS file is comprised of the key's fingerprint followed by the ASCII-armored, exported copy of it.
+
+> **Only a PMC member can commit changes to the KEYS file**
+
+Once you have your PGP key pair, append your public key to our [KEYS file](https://dist.apache.org/repos/dist/release/openwhisk/KEYS) in your local svn clone and commit the change.
+
+> **The KEYS file is append only. Once a key has been used to sign a release it cannot be removed from the KEYS file.**
 
-**Only a PMC member can commit changes to the KEYS file**
+The commands to export your key and append it (depending on your PGP client) can be found at the very top of the [`KEYS`](https://dist.apache.org/repos/dist/release/openwhisk/KEYS) file itself, and are also replicated below:
 
-Once you have your PGP key pair, append your public key to our
-[KEYS file](https://dist.apache.org/repos/dist/release/openwhisk/KEYS)
-in your local svn clone and commit the change.
+#### GPG Example (recommended)
 
-**Our KEYS file is append only. Once a key has been used to sign a release it cannot be removed from the KEYS file.**
+Apache recommends [GNU Privacy Guard (GnuPG)](https://www.gnupg.org/), an open-source, OpenPGP compatible implementation
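
Review bot: The two new paragraphs under "Publish your public key to the project KEYS file" call the entries "public key signatures" and "Each signature in the KEYS file", but what they describe (a fingerprint followed by the ASCII-armored export) is a public key, not a signature. The section above already uses "signatures" for what accompanies release artifacts, so reusing the word here will confuse readers about what they are appending. Suggest "the public keys of the release managers" and "Each entry in the KEYS file consists of the key's fingerprint followed by the ASCII-armored export of the public key". Separately, the callout says only a PMC member can commit changes to the KEYS file, while the next paragraph tells every reader to append their key and commit the change; one sentence on what a release manager who is not a PMC member should do would close that gap. The link text is also inconsistent between "[KEYS file]" and "[`KEYS`] file" for the same URL.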

Review comment:
       ```suggestion
   Apache recommends [GNU Privacy Guard (GnuPG)](https://www.gnupg.org/), an open-source, OpenPGP compatible implementation.
   ```







[GitHub] [openwhisk-release] mrutkows merged pull request #379: Refine release manager pre-reqs and instructions

Posted by GitBox <gi...@apache.org>.
mrutkows merged pull request #379:
URL: https://github.com/apache/openwhisk-release/pull/379


   

