Author: kwin
Date: Thu Jan 21 16:48:20 2016
New Revision: 1726014
URL: http://svn.apache.org/viewvc?rev=1726014&view=rev
Log:
add section on how to upload key to keyserver and clarify fingerprinting on key
Modified:
sling/site/trunk/content/documentation/development/release-management.mdtext
Modified:
sling/site/trunk/content/documentation/development/release-management.mdtext
URL:
http://svn.apache.org/viewvc/sling/site/trunk/content/documentation/development/release-management.mdtext?rev=1726014&r1=1726013&r2=1726014&view=diff
==============================================================================
---
sling/site/trunk/content/documentation/development/release-management.mdtext
(original)
+++
sling/site/trunk/content/documentation/development/release-management.mdtext
Thu Jan 21 16:48:20 2016
@@ -313,7 +313,7 @@ Once the release has passed, the followi
## Appendix A: Create and Add your key to
[https://people.apache.org/keys/group/sling.asc](https://people.apache.org/keys/group/sling.asc)
-Considering that you are using a \*nix system with a working OpenSSH, GnuPG,
and bash you can create and add your own key with the following command:
+Considering that you are using a \*nix system with a working OpenSSH, GnuPG,
and bash you can create and add your own key with the following commands:
1. Create a public/private pair key:
@@ -322,14 +322,38 @@ Considering that you are using a \*nix s
When gpg asks for e-mail linked the key you *MUST USE* the
<committer>@apache.org one
When gpg asks for comment linked the key you *SHOULD USE* "CODE SIGNING
KEY"
-1. Add the key to
[https://people.apache.org/keys/group/sling.asc](https://people.apache.org/keys/group/sling.asc)
type the following command replacing the word e-mail with your Apache's one
(<committer>@apache.org).
+1. Add the key to
[https://people.apache.org/keys/group/sling.asc](https://people.apache.org/keys/group/sling.asc)
by doing the following steps
+ 1. Type the following command replacing the word `<e-mail>` with your
Apache's one (<committer>@apache.org) to get the key signature
- $ gpg --fingerprint <committer>@apache.org
+ $ gpg --fingerprint <e-mail>
+
+ The key signature is in the output following the `Key fingerprint = `
+
+ 1. Add the key signature into the field 'OpenPGP Public Key Primary
Fingerprint' in your profile at [https://id.apache.org](https://id.apache.org)
+ 1. You are *DONE*, but to see the changes on
[https://people.apache.org/keys/group/sling.asc](https://people.apache.org/keys/group/sling.asc)
you may need to wait a few hours
+
+1. You also have to add your public key either on `pool.sks-keyservers.net` or
`pgp.mit.edu` (for the staging repository). To do so you can follow these steps:
+ 1. Extract the key id from all the secret keys stored in the system:
+
+ $ gpg --list-secret-keys.
+
+ The output is something like this
+
+ gpg --list-secret-keys
+ /Users/konradwindszus/.gnupg/secring.gpg
+ ----------------------------------------
+
+ sec 2048R/455ECC7C 2016-01-21
+ uid Konrad Windszus <[email protected]>
+ ssb 2048R/226BCE00 2016-01-21
+
+ The key id in this case is `455ECC7C`.
+
+ 1. Send the key towards e.g. `pool.sks-keyservers.net` via
+
+ $ gpg --keyserver pool.sks-keyservers.net --send-key <key-id>
+
-1. Add the key signature into the field 'OpenPGP Public Key Primary
Fingerprint' in your profile at [https://id.apache.org](https://id.apache.org)
-1. You are *DONE*, but to see the changes on
[https://people.apache.org/keys/group/sling.asc](https://people.apache.org/keys/group/sling.asc)
you may need to wait a few hours
-
-You also have to add your public key either on pool.sks-keyservers.net or
pgp.mit.edu (for the staging repository).
## Appendix B: Maven and SCM credentials
