This is an automated email from the ASF dual-hosted git repository.
delei pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/fesod.git
The following commit(s) were added to refs/heads/main by this push:
new f83ee1f2 feature: enhance release verification documentation (#796)
f83ee1f2 is described below
commit f83ee1f23b790d7c09aa77f62f34db11cd12276a
Author: Shuxin Pan <[email protected]>
AuthorDate: Thu Jan 15 21:56:18 2026 +0800
feature: enhance release verification documentation (#796)
* feature: enhance release verification documentation with detailed steps
and compliance checks
* feature: enhance release verification documentation with detailed PGP
signing and POM configuration steps
* feature: enhance release verification documentation with detailed PGP
signing and POM configuration steps
---
website/community/release/release-version.md | 506 +++++++++++++++++++-
website/community/release/verify-release.md | 7 +-
.../current/release/release-version.md | 511 ++++++++++++++++++++-
.../current/release/verify-release.md | 8 +-
4 files changed, 1023 insertions(+), 9 deletions(-)
diff --git a/website/community/release/release-version.md
b/website/community/release/release-version.md
index 615c91b3..2b6d6684 100644
--- a/website/community/release/release-version.md
+++ b/website/community/release/release-version.md
@@ -3,4 +3,508 @@ id: 'release-version'
title: 'How to Release'
---
-This tutorial describes in detail how to release Apache Fesod (Incubating),
take the release of version 2.0.0 as an example.
+# 1. Preface
+
+## 1.1 Apache Release Documentation
+
+Refer to the following links to understand the ASF release process:
+
+- [Apache Release Guide](http://www.apache.org/dev/release-publishing)
+- [Apache Release Policy](http://www.apache.org/dev/release.html)
+- [Maven Release
Info](http://www.apache.org/dev/publishing-maven-artifacts.html)
+
+## 1.2 PGP Signing
+
+Follow the Apache Release Guide to sign the release version. Users can also
use this signature to verify that the downloaded version has not been tampered
with.
+
+Create a `pgp` key for release signing, using **\<your Apache ID>@apache.org**
as the key USER-ID.
+
+For details, refer to [Apache Releases Signing
documentation](https://infra.apache.org/release-signing) and [Cryptography with
OpenPGP](http://www.apache.org/dev/openpgp.html).
+
+Brief process for generating a key:
+
+- Generate a new `gpg` key using `gpg --full-gen-key`, setting the key length
to 4096.
+
+ Note: You can set it to never expire, or set an expiration date based on
your needs. However, if it expires, you must update the public key in the [DEV
KEYS file](https://dist.apache.org/repos/dist/dev/incubator/fesod/KEYS) and
[RELEASE KEYS
file](https://dist.apache.org/repos/dist/release/incubator/fesod/KEYS).
+
+- Upload the key to the public key server using `gpg --keyserver
keys.openpgp.org --send-key <your key id>`.
+
+Note: If the server is inaccessible, you can upload the public key online via
[OpenPGP Keyserver (ubuntu.com)](https://keyserver.ubuntu.com/).
+
+ ```bash
+ # Use this command to find the keyid, e.g.: gpg --list-signatures
--keyid-format LONG
+ pub rsa4096/XXXXXXXX 2025-12-15 [SC] [Expires: 2027-12-15]
+ F2D3A28A392129B927C7FB42XXXXXXXX
+ uid [ Absolute ] xxxx <[email protected]>
+ sig 3 XXXXXXXX 2025-12-15 [Self-signature]
+ sub rsa4096/XXXXX 2025-12-15 [E] [Expires: 2027-12-15]
+ sig XXXXXXXX 2025-12-15 [Self-signature]
+
+- Export the public key to a text file using `gpg --armor --output
./public-key.txt --export XXXXXXXX`.
+
+- Append the generated key to the [DEV KEYS
file](https://dist.apache.org/repos/dist/dev/incubator/fesod/KEYS) and [RELEASE
KEYS file](https://dist.apache.org/repos/dist/release/incubator/fesod/KEYS).
+
+**Note:**
+
+The DEV SVN repository can be updated by the Release Manager directly. The
Release SVN repository requires PMC privileges, so you may need PMC assistance
to upload the KEY.
+
+**Tips:** You need to set a default public key. If you have multiple public
keys, please modify `~/.gnupg/gpg.conf`.
+
+Reference example:
+
+```text
+gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+ (1) RSA and RSA (default)
+ (2) DSA and Elgamal
+ (3) DSA (sign only)
+ (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+ 0 = key does not expire
+ <n> = key expires in n days
+ <n>w = key expires in n weeks
+ <n>m = key expires in n months
+ <n>y = key expires in n years
+Key is valid for? (0)
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: (Set username) (Use Apache ID)
+Email address: (Set email address) (Use Apache email)
+Comment: (Fill in comments)
+You selected this USER-ID:
+ "Username (Comment) <Email Address>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+You need a Passphrase to protect your secret key. (Set password)
+
+```
+
+Convert the generated public and private keys to ASCII format:
+
+```bash
+gpg --armor --output ./public-key.txt --export XXXXXXXX
+gpg --armor --output ./private-key.txt --export-secret-keys XXXXXXXX
+```
+
+View the key list:
+
+```bash
+[root@localhost ~]# gpg --list-signatures --keyid-format LONG
+[keyboxd]
+---------
+pub rsa4096/XXXXXXXX 2025-12-15 [SC] [Expires: 2027-12-15]
+ D71C9B1CA898A2408D55EDCXXXXXXXX
+uid [ Absolute ] xxxx <[email protected]>
+sig 3 XXXXXXXX 2025-12-15 [Self-signature]
+sub rsa4096/XXXXX 2025-12-15 [E] [Expires: 2027-12-15]
+sig XXXXXXXX 2025-12-15 [Self-signature]
+
+```
+
+Upload the public key to the public key server:
+
+```bash
+[root@localhost gpgtest]# gpg --keyserver keys.openpgp.org --send-key XXXXXXXX
+gpg: sending key XXXXXXXX to hkp server keys.openpgp.org
+```
+
+## 1.3 POM Configuration
+
+Configure the POM file to deploy the version to the ASF Nexus repository.
+
+① Add Apache POM inheritance default settings:
+
+```xml
+<parent>
+ <groupId>org.apache</groupId>
+ <artifactId>apache</artifactId>
+ <version>31</version>
+</parent>
+```
+
+② Add key information to the Maven configuration file `settings.xml`:
+
+```xml
+<settings>
+ <profiles>
+ <profile>
+ <id>signed_release</id>
+ <properties>
+ <mavenExecutorId>forked-path</mavenExecutorId>
+ <gpg.keyname>yourKeyName</gpg.keyname>
+
<deploy.url>https://dist.apache.org/repos/dist/dev/incubator/fesod/</deploy.url>
+ </properties>
+ </profile>
+ </profiles>
+ <servers>
+ <server>
+ <id>apache.snapshots.https</id>
+ <username>yourApacheID</username>
+ <password>yourApachePassword</password>
+ </server>
+ <server>
+ <id>apache.releases.https</id>
+ <username>yourApacheID</username>
+ <password>yourApachePassword</password>
+ </server>
+ <server>
+ <id>gpg.passphrase</id>
+ <passphrase>yourKeyPassword</passphrase>
+ </server>
+ </servers>
+</settings>
+```
+
+**Tips:** It is recommended to use [Maven's password encryption
capabilities](http://maven.apache.org/guides/mini/guide-encryption.html) to
encrypt `gpg.passphrase`.
+
+# 2. Release Process
+
+## 2.1 Prepare Branch
+
+Create a new release branch from the main branch. For example, if you want to
release version `${release_version}`, create a new branch `${release_version}`
from the development branch. All modifications involving Release Candidates and
tagging for `${release_version}` will be done on this branch. Ensure that all
GitHub Actions CI checks pass on this branch. Finally, merge it back into the
main branch after the release is complete.
+
+Example: If the Java SDK needs to release version `2.2.0-incubating`, create a
new branch `release-2.2.0-incubating` from the `main` branch, and submit a
commit on this branch replacing the Snapshot version number with the
`2.2.0-incubating` version number.
+
+## 2.2 Prepare Binary and Source Packages
+
+### 2.2.1 Prepare the SDK release according to [publishing maven
artifacts](https://infra.apache.org/publishing-maven-artifacts.html) [4]
instructions
+
+```bash
+mvn clean deploy -Papache-release -DskipTests -Dgpg.skip=false
+```
+
+At this point, the Fesod SDK is published to the [Staging
Repository](https://repository.apache.org/#stagingRepositories) (requires
Apache account login). Find the released version (i.e., `${STAGING.RELEASE}`)
and click **Close**.
+
+Note: If the close operation fails, it is likely because the public key
corresponding to the signing key cannot be found on keys.openpgp.org. Please
check via [OpenPGP Keyserver (ubuntu.com)](https://keyserver.ubuntu.com/).
+
+### 2.2.2 Package Source
+
+First, confirm that the current codebase is ready for release.
+
+```bash
+# 1. Switch to the main branch and update
+git checkout main
+git pull
+
+# 2. Create a GPG signed Tag
+# Note: Ensure the content in -m is accurate
+git tag -s 2.0.0-incubating-rc1 -m "release: release for 2.0.0-incubating RC1"
+
+# 3. Push the Tag to the remote repository
+git push [email protected]:apache/fesod.git 2.0.0-incubating-rc1
+```
+
+Use `git archive` to ensure the source package is clean (excludes the .git
directory or other ignored files).
+
+```bash
+# 1. Export the source package
+git archive --format=tar.gz \
+ --prefix=apache-fesod-2.0.0-incubating-src/ \
+ -o apache-fesod-2.0.0-incubating-src.tar.gz \
+ e7546d1138d4d3a638df10193a4c29c50a7e55d8
+```
+
+> **Note**: The hash `e7546d11...` here corresponds to the commit hash of tag
`2.0.0-incubating-rc1`.
+
+### 2.2.3 Sign and Hash
+
+Perform GPG signing and SHA512 calculation on the generated source package.
+
+```bash
+# 1. GPG Signature (.asc)
+for i in *.tar.gz; do
+ echo "Signing $i";
+ gpg --armor --output $i.asc --detach-sig $i ;
+done
+
+# 2. Generate SHA512 Checksum (.sha512)
+for i in *.tar.gz; do
+ echo "Hashing $i";
+ sha512sum $i > $i.sha512 ;
+done
+
+# 3. Verify (Optional)
+gpg --verify apache-fesod-2.0.0-incubating-src.tar.gz.asc
apache-fesod-2.0.0-incubating-src.tar.gz
+sha512sum -c apache-fesod-2.0.0-incubating-src.tar.gz.sha512
+```
+
+### 2.2.4 Upload Source Package to SVN (Upload to Dist)
+
+Upload the signed source package to the Apache development distribution area
(`dist/dev`).
+
+```bash
+# 1. Checkout SVN dev repository
+svn co https://dist.apache.org/repos/dist/dev/incubator/fesod/
+cd fesod-dev
+
+# 2. Create version directory
+mkdir 2.0.0-incubating-rc1
+cd 2.0.0-incubating-rc1
+
+# 3. Copy files (assuming files are in the parent directory)
+cp ../../apache-fesod-2.0.0-incubating-src.tar.gz .
+cp ../../apache-fesod-2.0.0-incubating-src.tar.gz.asc .
+cp ../../apache-fesod-2.0.0-incubating-src.tar.gz.sha512 .
+
+# 4. Commit to SVN
+cd ..
+svn add 2.0.0-incubating-rc1
+svn commit -m "Add 2.0.0-incubating-rc1 source release"
+```
+
+---
+
+# 3. Voting Phase
+
+## 3.1 Internal Community Vote
+
+**The vote lasts for at least 72 hours and requires 3 +1 binding votes.**
+
+Send to:
+
+```mail
[email protected]
+
+```
+
+Subject:
+
+`[VOTE]Release Apache Fesod (Incubating) x.x.x-RCN (RoundN)`
+
+RC N and Round N: N represents the count, i.e., which round of voting for this
version.
+
+Body:
+
+```text
+Hi Fesod Community,
+
+This is a call for vote to release Apache Fesod(incubating) 2.0.0-incubating.
+
+The release candidates:
+https://dist.apache.org/repos/dist/dev/incubator/fesod/2.0.0-incubating-rc1
+
+The staging repo:
+https://repository.apache.org/content/repositories/orgapachefesod-1016
+
+Git tag for the release:
+https://github.com/apache/fesod/releases/tag/2.0.0-incubating-rc1
+
+Hash for the release tag:
+e7546d1138d4d3a638df10193a4c29c50a7e55d8
+
+Release Notes:
+https://github.com/apache/fesod/releases/tag/2.0.0-incubating-rc1
+
+The artifacts have been signed with Key [ 72D5936C ], corresponding
+to
+[ [email protected] ]
+which can be found in the keys file:
+https://downloads.apache.org/incubator/fesod/KEYS
+
+Build Environment: JDK 8+, Apache Maven 3.6.0+.
+./mvnw clean package -DskipTests
+
+
+The vote will be open for at least 72 hours.
+
+Please vote accordingly:
+
+[ ] +1 approve
+[ ] +0 no opinion
+[ ] -1 disapprove with the reason
+
+Checklist for reference:
+
+[ ] Download links are valid.
+[ ] Checksums and signatures.
+[ ] LICENSE/NOTICE files exist
+[ ] No unexpected binary files
+[ ] All source files have ASF headers
+[ ] Can compile from source
+
+To learn more about Apache Fesod , please see https://fesod.apache.org/
+```
+
+### 3.1.2 Complete Vote
+
+Publish the vote pass email.
+
+```text
+Hi Community,
+
+
+The vote to release Apache Fesod (Incubating) vx.x.x-RCN has passed
+with 3 +1 binding votes, and no +0 or -1 votes.
+
+3 (+1 binding)
+
+- XXX
+
+- XXX
+
+- XXX
+
+no further 0 or -1 votes.
+
+
+The vote thread:
+Link to the corresponding voting email thread, e.g.:
+https://lists.apache.org/thread/rwco6lms9qo10whjj8gg1dr8j7drl2gf
+
+Thank you for reviewing and voting for our release candidate.
+
+We will soon launch the second stage of voting.
+```
+
+## 3.2 Vote in Incubator
+
+### 3.2.1 Vote in Incubator
+
+Similar to the community vote, but requires adding the community vote thread
link to prove that consensus has been reached within the community.
+
+Send email to `[email protected]`
+
+Subject:
+
+`[VOTE]Release Apache Fesod (Incubating) x.x.x-RCN`
+
+**The vote lasts for at least 72 hours and requires 3 +1 binding votes.**
+
+```text
+Hello everyone,
+
+This is a call for vote to release Apache Fesod(incubating) vx.x.x
+
+The Apache Fesod community has voted and approved the release of Apache
+Fesod(incubating) vx.x.x. We now kindly request the IPMC members
+review and vote for this release.
+
+
+The vote thread:
+Link to the voting thread in the community, e.g.:
+https://lists.apache.org/thread/r6hsbb9tmsqmn9s7q9qptv3z287lkcbf
+
+Vote Result:
+Link to the vote result thread in the community, e.g.:
+https://lists.apache.org/thread/r6hsbb9tmsqmn9s7q9qptv3z287lkcbf
+
+The release candidates:
+https://dist.apache.org/repos/dist/dev/incubator/fesod/x.x.x/
+
+The staging repo:
+https://repository.apache.org/content/repositories/$
+
+Git tag for the release:
+https://github.com/apache/fesod/releases/tag/vx.x.x
+
+Hash for the release tag:
+The commit ID of the last commit on the tag branch
+
+Release Notes:
+https://github.com/apache/fesod/releases/tag/vx.x.x
+
+The artifacts have been signed with Key [ key-id ], corresponding
+to
+[ Email e.g. [email protected] ]
+which can be found in the keys file:
+https://downloads.apache.org/incubator/fesod/KEYS
+
+Build Environment: JDK 8+, Apache Maven 3.6.0+.
+/mvnw clean package -DskipTests=true
+
+The vote will be open for at least 72 hours.
+
+Please vote accordingly:
+
+[ ] +1 approve
+[ ] +0 no opinion
+[ ] -1 disapprove with the reason
+
+Checklist for reference:
+
+[ ] Download links are valid.
+[ ] Checksums and signatures.
+[ ] LICENSE/NOTICE files exist
+[ ] No unexpected binary files
+[ ] All source files have ASF headers
+[ ] Can compile from source
+
+To learn more about Apache Fesod , please see https://fesod.apache.org/
+```
+
+### 3.2.2 Announce Incubator Vote Result
+
+After 72 hours, if there are at least 3 passing votes and no opposing votes,
send the result email referencing the following template.
+
+Send email to `[email protected]`
+
+Subject: `[RESULT][VOTE] Release Apache Fesod (incubating) x.x.x-RCN`
+
+```text
+Hi Incubator PMC,
+
+The vote to release Apache Fesod(incubating) X.X.X-RCN has passed with
+3 +1 binding and 1 +1 non-binding votes, no +0 or -1 votes.
+
+Binding votes:
+
+- XXX
+- XXX
+- XXX
+
+Non-Binding votes:
+
+- XXX
+
+Vote thread:
+https://lists.apache.org/thread/o7vwdvtolclcv1y4j4ozshj923ppwlnl
+
+Thanks for reviewing and voting for our release candidate. We will
+proceed with publishing the approved artifacts and sending out the
+announcement soon.
+```
+
+# 4. Finalize Release
+
+## 4.1 Release Version
+
+1. From the Apache Nexus repository, select the previously closed
**orgapachefesod-XXX** and click the `Release` icon.
+2. Move the signature files, src, and bin from the dev path to the release
path, referring to the following command:
+ `svn mv https://dist.apache.org/repos/dist/dev/incubator/fesod/x.x.x-RCN
https://dist.apache.org/repos/dist/release/incubator/fesod/x.x.x -m "Release
Fesod X.X.X"`
+3. Set the previous release note to "Set as the latest release" and submit.
+4. Update the x.x.x documentation on the Fesod official website, and add the
corresponding download links for binary and source.
+
+## 4.2 Announcement
+
+Send email to `[email protected]`
+
+Subject: `[ANNOUNCE] Apache Fesod(Incubating) vx.x.x available`
+
+```text
+Hi All,
+
+The Apache Fesod(Incubating) vx.x.x has been released!
+
+Apache Fesod is an easy-to-use, high-performance, open source distributed
transaction solution.
+
+Download Links: [https://fesod.apache.org/download/fesod/
+
+Release Notes:
+https://github.com/apache/fesod/releases/tag/vx.x.x/
+
+Website: https://fesod.apache.org/
+
+Resources:
+- Issue: https://github.com/apache/fesod/issues
+- Mailing list: [email protected]
+```
diff --git a/website/community/release/verify-release.md
b/website/community/release/verify-release.md
index 31686427..13713919 100644
--- a/website/community/release/verify-release.md
+++ b/website/community/release/verify-release.md
@@ -149,9 +149,10 @@ Manually check the following files in the root directory:
* [ ] **LICENSE:** Exists and contains the Apache License 2.0.
* [ ] **NOTICE:**
-* Exists.
-* Copyright year is current (e.g., includes 2025/2026).
-* Contains required attributions for bundled dependencies (if any).
+* * Exists.
+* * Copyright year is current (e.g., includes 2025/2026).
+* * Contains required attributions for bundled dependencies (if any).
+* [ ] **DISCLAIMER:** Exists.
### 4. Email Reply Templates
diff --git
a/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/release-version.md
b/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/release-version.md
index 7d188176..d212175b 100644
---
a/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/release-version.md
+++
b/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/release-version.md
@@ -3,4 +3,513 @@ id: 'release-version'
title: '如何发布版本'
---
-本教程详细描述了如何发布 Apache Fesod (Incubating) 版本,以2.0.0版本的发布为例进行说明。
+# 1. 前言
+
+## 1.1 Apache 版本发布文档
+
+参考以下链接,了解 ASF 版本发布流程:
+
+- [Apache Release Guide](http://www.apache.org/dev/release-publishing)
+- [Apache Release Policy](http://www.apache.org/dev/release.html)
+- [Maven Release
Info](http://www.apache.org/dev/publishing-maven-artifacts.html)
+
+## 1.2 PGP 签名
+
+遵循 Apache 版本发布指南,对发布版本签名,用户也可据此判断下载的版本是否被篡改。
+
+创建 `pgp` 密钥用于版本签名,使用 **\<your Apache ID>@apache.org** 作为密钥 USER-ID
+
+详情可参考 [Apache Releases Signing
documentation](https://infra.apache.org/release-signing),[Cryptography with
OpenPGP](http://www.apache.org/dev/openpgp.html)
+
+生成密钥的简要流程:
+
+- 通过`gpg --full-gen-key` 生成一个新的 `gpg` 密钥, 设置密钥长度为 4096
+
+ 注:可设置永不过期,也可根据自己需求设置一定的过期时间,但需要在过期后更新的公钥到[DEV KEYS
file](https://dist.apache.org/repos/dist/dev/incubator/fesod/KEYS) 和 [RELEASE
KEYS file](https://dist.apache.org/repos/dist/release/incubator/fesod/KEYS)
+
+- 通过 `gpg --keyserver keys.openpgp.org --send-key <your key id>` 上传密钥到公钥服务器
+
+ 注:如若访问不通,可通过[OpenPGP Keyserver (ubuntu.com)](https://keyserver.ubuntu.com/)
在线上传公钥
+
+ ```bash
+ 使用该命令可查到keyid如:gpg --list-signatures --keyid-format LONG
+ pub rsa4096/XXXXXXXX 2025-12-15 [SC] [有效至:2027-12-15]
+ F2D3A28A392129B927C7FB42XXXXXXXX
+ uid [ 绝对 ] xxxx <[email protected]>
+ sig 3 XXXXXXXX 2025-12-15 [自签名]
+ sub rsa4096/XXXXX 2025-12-15 [E] [有效至:2027-12-15]
+ sig XXXXXXXX 2025-12-15 [自签名]
+ ```
+
+- 通过 `gpg --armor --output ./public-key.txt --export XXXXXXXX` 导出公钥到文本文件
+
+- 将生成的密钥追加到[DEV KEYS
file](https://dist.apache.org/repos/dist/dev/incubator/fesod/KEYS) 和 [RELEASE
KEYS file](https://dist.apache.org/repos/dist/release/incubator/fesod/KEYS)
+
+注意:
+
+DEV SVN 仓库可以由 Release Manager 自行添加,Release SVN 仓库需要 PMC 权限,可以由 PMC 协助将 KEY
进行上传。
+
+**Tips:** 需要设置默认公钥, 若有多个公钥,请修改 `~/.gnupg/gpg.conf`
+
+参考示例:
+
+```text
+gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+ (1) RSA and RSA (default)
+ (2) DSA and Elgamal
+ (3) DSA (sign only)
+ (4) RSA (sign only)
+Your selection? 1
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (2048) 4096
+Requested keysize is 4096 bits
+Please specify how long the key should be valid.
+ 0 = key does not expire
+ <n> = key expires in n days
+ <n>w = key expires in n weeks
+ <n>m = key expires in n months
+ <n>y = key expires in n years
+Key is valid for? (0)
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: (设置用户名)(使用apache id)
+Email address: (设置邮件地址)(使用apache邮箱)
+Comment: (填写注释)
+You selected this USER-ID:
+ "用户名 (注释) <邮件地址>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+You need a Passphrase to protect your secret key. (设置密码)
+```
+
+将生成的公钥和私钥转化为 ASCII 形式:
+
+```bash
+gpg --armor --output ./public-key.txt --export XXXXXXXX
+gpg --armor --output ./private-key.txt --export-secret-keys XXXXXXXX
+```
+
+查看密钥列表:
+
+```text
+[root@localhost ~]# gpg --list-signatures --keyid-format LONG
+[keyboxd]
+---------
+pub rsa4096/XXXXXXXX 2025-12-15 [SC] [有效至:2027-12-15]
+ D71C9B1CA898A2408D55EDCXXXXXXXX
+uid [ 绝对 ] xxxx <[email protected]>
+sig 3 XXXXXXXX 2025-12-15 [自签名]
+sub rsa4096/XXXXX 2025-12-15 [E] [有效至:2027-12-15]
+sig XXXXXXXX 2025-12-15 [自签名]
+```
+
+上传公钥到公钥服务器
+
+```bash
+[root@localhost gpgtest]# gpg --keyserver keys.openpgp.org --send-key XXXXXXXX
+gpg: sending key XXXXXXXX to hkp server keys.openpgp.org
+```
+
+## 1.3 POM 配置
+
+配置 POM 文件,以便将版本部署到 ASF Nexus 仓库。
+
+① 添加 Apache POM 继承默认设置
+
+```xml
+<parent>
+ <groupId>org.apache</groupId>
+ <artifactId>apache</artifactId>
+ <version>31</version>
+</parent>
+```
+
+② Maven 配置文件 `settings.xml` 中添加密钥信息
+
+```xml
+<settings>
+ <profiles>
+ <profile>
+ <id>signed_release</id>
+ <properties>
+ <mavenExecutorId>forked-path</mavenExecutorId>
+ <gpg.keyname>yourKeyName</gpg.keyname>
+
<deploy.url>https://dist.apache.org/repos/dist/dev/incubator/fesod/</deploy.url>
+ </properties>
+ </profile>
+ </profiles>
+ <servers>
+ <!-- To publish a snapshot of some part of Maven -->
+ <server>
+ <id>apache.snapshots.https</id>
+ <username>yourApacheID</username>
+ <!-- Use the password encryption by maven -->
+ <password>yourApachePassword</password>
+ </server>
+ <!-- To stage a release of some part of Maven -->
+ <server>
+ <id>apache.releases.https</id>
+ <username>yourApacheID</username>
+ <password>yourApachePassword</password>
+ </server>
+ <server>
+ <id>gpg.passphrase</id>
+ <passphrase>yourKeyPassword</passphrase>
+ </server>
+ </servers>
+</settings>
+```
+
+**Tips:** 推荐使用 [Maven's password encryption
capabilities](http://maven.apache.org/guides/mini/guide-encryption.html) 加密
`gpg.passphrase`
+
+# 2.发布流程
+
+## 2.1 准备分支
+
+从主干分支拉取新分支作为发布分支,如现在要发布 `${release_version}` 版本,则从开发分支拉出新分支
`${release_version}`,此后`${release_version}` Release Candidates
涉及的修改及打标签等都在`${release_version}`分支进行,并保证该分支的github actions ci全部通过,最终发布完成后合入主干分支。
+
+例:如 Java SDK 需要发布 `2.2.0-incubating` 版本,从 `main` 分支拉出新分支
`release-2.2.0-incubating`,并在此分支提交从 Snapshot版本号 替换为 `2.2.0-incubating` 版本号的
commit。
+
+### 2.2 预发布二进制包和源码
+
+### 2.2.1 SDK根据 [publishing maven
artifacts](https://infra.apache.org/publishing-maven-artifacts.html) [4] 的说明准备发布
+
+```bash
+mvn clean deploy -Papache-release -DskipTests -Dgpg.skip=false
+```
+
+此时,fesod sdk被发布到 [预发仓库](https://repository.apache.org/#stagingRepositories)
(需要apache账号密码登录),找到发布的版本,即 `${STAGING.RELEASE}`, 并点击 Close。
+
+注:如果close失败很可能是因为签名的秘钥对应的公钥在keys.openpgp.org中无法获取到,请自行通过[OpenPGP Keyserver
(ubuntu.com)](https://keyserver.ubuntu.com/) 检查
+
+### 2.2.2 打包源代码 (Package Source)
+
+首先,确认当前代码库处于准备发布的状态。
+
+```bash
+# 1. 切换到主分支并更新
+git checkout main
+git pull
+
+# 2. 创建 GPG 签名的 Tag
+# 注意:请确保 -m 中的内容准确
+git tag -s 2.0.0-incubating-rc1 -m "release: release for 2.0.0-incubating RC1"
+
+# 3. 推送 Tag 到远程仓库
+git push [email protected]:apache/fesod.git 2.0.0-incubating-rc1
+```
+
+使用 `git archive` 确保源码包的纯净(不包含 .git 目录或其他忽略文件)。
+
+```bash
+# 1. 导出源码包
+git archive --format=tar.gz \
+ --prefix=apache-fesod-2.0.0-incubating-src/ \
+ -o apache-fesod-2.0.0-incubating-src.tar.gz \
+ e7546d1138d4d3a638df10193a4c29c50a7e55d8
+```
+
+> **注意**:这里的 hash `e7546d11...` 对应 tag `2.0.0-incubating-rc1` 的 commit hash。
+
+### 2.2.3 签名与校验 (Sign and Hash)
+
+对生成的源码包进行 GPG 签名和 SHA512 计算。
+
+```bash
+# 1. GPG 签名 (.asc)
+for i in *.tar.gz; do
+ echo "Signing $i";
+ gpg --armor --output $i.asc --detach-sig $i ;
+done
+
+# 2. 生成 SHA512 校验和 (.sha512)
+for i in *.tar.gz; do
+ echo "Hashing $i";
+ sha512sum $i > $i.sha512 ;
+done
+
+# 3. 验证 (可选)
+gpg --verify apache-fesod-2.0.0-incubating-src.tar.gz.asc
apache-fesod-2.0.0-incubating-src.tar.gz
+sha512sum -c apache-fesod-2.0.0-incubating-src.tar.gz.sha512
+```
+
+### 2.2.4 上传源码包至 SVN (Upload to Dist)
+
+将签好名的源码包上传到 Apache 开发分发区 (`dist/dev`)。
+
+```bash
+# 1. 检出 SVN dev 仓库
+svn co https://dist.apache.org/repos/dist/dev/incubator/fesod/ fesod-dev
+cd fesod-dev
+
+# 2. 创建版本目录
+mkdir 2.0.0-incubating-rc1
+cd 2.0.0-incubating-rc1
+
+# 3. 复制文件 (假设文件在上一级目录)
+cp ../../apache-fesod-2.0.0-incubating-src.tar.gz .
+cp ../../apache-fesod-2.0.0-incubating-src.tar.gz.asc .
+cp ../../apache-fesod-2.0.0-incubating-src.tar.gz.sha512 .
+
+# 4. 提交到 SVN
+cd ..
+svn add 2.0.0-incubating-rc1
+svn commit -m "Add 2.0.0-incubating-rc1 source release"
+```
+
+---
+
+# 3.投票阶段
+
+## 3.1 社区内部投票
+
+**投票持续至少 72 小时并获得 3 个+1 binding票**
+
+发送至:
+
+```mail
[email protected]
+```
+
+标题:
+
+`[VOTE]Release Apache Fesod (Incubating) x.x.x-RCN (RoundN)`
+
+RC N和Round N的N代表次数,该版本的第几次投票
+
+正文:
+
+```text
+Hi Fesod Community,
+
+This is a call for vote to release Apache Fesod(incubating) 2.0.0-incubating.
+
+The release candidates:
+https://dist.apache.org/repos/dist/dev/incubator/fesod/2.0.0-incubating-rc1
+
+The staging repo:
+https://repository.apache.org/content/repositories/orgapachefesod-1016
+
+Git tag for the release:
+https://github.com/apache/fesod/releases/tag/2.0.0-incubating-rc1
+
+Hash for the release tag:
+e7546d1138d4d3a638df10193a4c29c50a7e55d8
+
+Release Notes:
+https://github.com/apache/fesod/releases/tag/2.0.0-incubating-rc1
+
+The artifacts have been signed with Key [ 72D5936C ], corresponding
+to
+[ [email protected] ]
+which can be found in the keys file:
+https://downloads.apache.org/incubator/fesod/KEYS
+
+Build Environment: JDK 8+, Apache Maven 3.6.0+.
+./mvnw clean package -DskipTests
+
+
+The vote will be open for at least 72 hours.
+
+Please vote accordingly:
+
+[ ] +1 approve
+[ ] +0 no opinion
+[ ] -1 disapprove with the reason
+
+Checklist for reference:
+
+[ ] Download links are valid.
+[ ] Checksums and signatures.
+[ ] LICENSE/NOTICE files exist
+[ ] No unexpected binary files
+[ ] All source files have ASF headers
+[ ] Can compile from source
+
+To learn more about Apache Fesod , please see https://fesod.apache.org/
+```
+
+### 3.1.2 完成投票
+
+发布投票通过邮件
+
+```text
+Hi Community,
+
+
+The vote to release Apache Fesod (Incubating) vx.x.x-RCN has passed
+with 3 +1 binding votes, and no +0 or -1 votes.
+
+3 (+1 binding)
+
+- XXX
+
+- XXX
+
+- XXX
+
+no further 0 or -1 votes.
+
+
+The vote thread:
+所对应投票邮件的thread链接,如:
+https://lists.apache.org/thread/rwco6lms9qo10whjj8gg1dr8j7drl2gf
+
+Thank you for reviewing and voting for our release candidate.
+
+We will soon launch the second stage of voting.
+```
+
+## 3.2 孵化器投票
+
+### 3.2.1 孵化器中投票
+
+与社区投票类似,但是需要增加社区投票相关的thread链接,以证明已在社区内达成一致
+
+发送邮件至 `[email protected]`
+
+标题:
+
+`[VOTE]Release Apache Fesod (Incubating) x.x.x-RCN`
+
+**投票持续至少 72 小时并获得 3 个+1 binding票**
+
+```text
+Hello everyone,
+
+This is a call for vote to release Apache Fesod(incubating) vx.x.x
+
+The Apache Fesod community has voted and approved the release of Apache
+Fesod(incubating) vx.x.x. We now kindly request the IPMC members
+review and vote for this release.
+
+
+The vote thread:
+社区中投票的thread链接, 如:
+https://lists.apache.org/thread/r6hsbb9tmsqmn9s7q9qptv3z287lkcbf
+
+Vote Result:
+社区中投票通过的result thread链接,如:
+https://lists.apache.org/thread/r6hsbb9tmsqmn9s7q9qptv3z287lkcbf
+
+The release candidates:
+https://dist.apache.org/repos/dist/dev/incubator/fesod/x.x.x/
+
+The staging repo:
+https://repository.apache.org/content/repositories/${STAGING.RELEASE}/
+
+Git tag for the release:
+https://github.com/apache/fesod/releases/tag/vx.x.x
+
+Hash for the release tag:
+tag分支最后一条commit的id
+
+Release Notes:
+https://github.com/apache/fesod/releases/tag/vx.x.x
+
+The artifacts have been signed with Key [ key-id ], corresponding
+to
+[ 邮箱如[email protected] ]
+which can be found in the keys file:
+https://downloads.apache.org/incubator/fesod/KEYS
+
+Build Environment: JDK 8+, Apache Maven 3.6.0+.
+/mvnw clean package -DskipTests=true
+
+The vote will be open for at least 72 hours.
+
+Please vote accordingly:
+
+[ ] +1 approve
+[ ] +0 no opinion
+[ ] -1 disapprove with the reason
+
+Checklist for reference:
+
+[ ] Download links are valid.
+[ ] Checksums and signatures.
+[ ] LICENSE/NOTICE files exist
+[ ] No unexpected binary files
+[ ] All source files have ASF headers
+[ ] Can compile from source
+
+To learn more about Apache Fesod , please see https://fesod.apache.org/
+```
+
+### 3.2.2 公示孵化器投票结果
+
+72 小时后,若至少有 3 票通过而没有反对票,则参考如下邮件进行发送结果
+
+发送邮件至 `[email protected]`
+
+标题:`[RESULT][VOTE] Release Apache Fesod (incubating) x.x.x-RCN`
+
+```text
+Hi Incubator PMC,
+
+The vote to release Apache Fesod(incubating) X.X.X-RCN has passed with
+3 +1 binding and 1 +1 non-binding votes, no +0 or -1 votes.
+
+Binding votes:
+
+- XXX
+- XXX
+- XXX
+
+Non-Binding votes:
+
+- XXX
+
+Vote thread:
+https://lists.apache.org/thread/o7vwdvtolclcv1y4j4ozshj923ppwlnl
+
+Thanks for reviewing and voting for our release candidate. We will
+proceed with publishing the approved artifacts and sending out the
+announcement soon.
+```
+
+# 4.完成发布
+
+## 4.1 release 版本
+
+1. 从Apache Nexus 仓库, 选择之前进行close过的的 **orgapachefesod-XXX** 点击 `Release` 图标发布
+
+2. 将dev下的签名文件、src、bin移动到release路径下,参考如下命令:
+
+ `svn mv https://dist.apache.org/repos/dist/dev/incubator/fesod/x.x.x-RCN
https://dist.apache.org/repos/dist/release/incubator/fesod/x.x.x -m "Release
Fesod X.X.X"`
+
+3. 将之前release note设置为Set as the latest release并提交
+
+4. 将x.x.x的文档更新至fesod官网中,并补充对应binary和source的下载链接
+
+## 4.2 版本公示
+
+发送邮件至 `[email protected]`
+
+标题 `[ANNOUNCE] Apache Fesod(Incubating) vx.x.x available`
+
+```text
+Hi All,
+
+The Apache Fesod(Incubating) vx.x.x has been released!
+
+Apache Fesod is an easy-to-use, high-performance, open source distributed
transaction solution.
+
+Download Links: https://fesod.apache.org/download/fesod/
+
+Release Notes:
+https://github.com/apache/fesod/releases/tag/vx.x.x/
+
+Website: https://fesod.apache.org/
+
+Resources:
+- Issue: https://github.com/apache/fesod/issues
+- Mailing list: [email protected]
+```
diff --git
a/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md
b/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md
index 89acc5a2..226fca86 100644
---
a/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md
+++
b/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md
@@ -161,11 +161,11 @@ find . -name rat.txt -print0 | xargs -0 -I file cat file
| grep "Unapproved Lice
* [ ] **LICENSE 文件:** 存在且内容标准 (Apache License 2.0)。
* [ ] **NOTICE 文件:**
-* 存在。
-* 年份正确 (例如包含 2025/2026)。
-* 如果引入了其他必须在 NOTICE 中声明的依赖,需确认已包含。
+* * 存在
+* * 年份正确 (例如包含 2025/2026)。
+* * 如果引入了其他必须在 NOTICE 中声明的依赖,需确认已包含。
-* [ ] **DISCLAIMER 文件:** 存在(孵化项目必须)。
+* [ ] **DISCLAIMER 文件:** 存在(孵化项目必须存在)。
### 4. 邮件回复示例
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
