Dear Wiki user, You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.
The "Release_Procedure" page has been changed by NoahSlater: http://wiki.apache.org/couchdb/Release_Procedure?action=diff&rev1=146&rev2=147 All other parts of this process must be done on your local machine. + = Checking the Release = + + Assume that you cannot trust: + + * The source code the archive was built from. + * The host operating system the archive was built on. + + An attacker may have compromised either. + + Accordingly, you should subject the release candidate to a number of your own tests. + + Some ideas: + + * Verify the contents of the generated files. + * Audit the types of file contained within the archive. + * Run a virus or exploit scanner on the archive. + = Release Signing = You will need a GPG key pair to sign the release.
