This is an automated email from the ASF dual-hosted git repository. cris pushed a commit to branch update/release-management-appendex-a in repository https://gitbox.apache.org/repos/asf/sling-site.git
commit e14a9e6cd4aa96094d65e45ac4a034294a6e347a Author: Cris Rockwell <[email protected]> AuthorDate: Mon Oct 19 14:29:19 2020 -0400 updated doc release-management.md as suggested in the dev email chain on 10/19/2020 --- .../development/release-management.md | 26 +++++++++++----------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/src/main/jbake/content/documentation/development/release-management.md b/src/main/jbake/content/documentation/development/release-management.md index a9ad040..5512467 100644 --- a/src/main/jbake/content/documentation/development/release-management.md +++ b/src/main/jbake/content/documentation/development/release-management.md @@ -398,18 +398,6 @@ Considering that you are using a \*nix system with a working OpenSSH, GnuPG, and When gpg asks for e-mail linked the key you *MUST USE* the <committer>@apache.org one. When gpg asks for comment linked the key you *SHOULD USE* "CODE SIGNING KEY" -1. Add the key to [https://people.apache.org/keys/group/sling.asc](https://people.apache.org/keys/group/sling.asc) - - 1. Type the following command replacing the word `<e-mail>` with your Apache's one (<committer>@apache.org) to get the key signature - - $ gpg --fingerprint <e-mail> - - The key signature is in the output following the `Key fingerprint = ` part. - - 1. Add the key signature into the field 'OpenPGP Public Key Primary Fingerprint' in your profile at [https://id.apache.org](https://id.apache.org). - - 1. You are *DONE*, but to see the changes on [https://people.apache.org/keys/group/sling.asc](https://people.apache.org/keys/group/sling.asc) you may need to wait a few hours; - 1. You also have to add your public key either on `pool.sks-keyservers.net` or `pgp.mit.edu` (for the staging repository). To do so you can follow these steps: 1. Extract the key id from all the secret keys stored in the system: @@ -430,8 +418,20 @@ Considering that you are using a \*nix system with a working OpenSSH, GnuPG, and 1. Send the key towards e.g. `pool.sks-keyservers.net` via $ gpg --keyserver pool.sks-keyservers.net --send-key <key-id> + +1. Add the key to [https://people.apache.org/keys/group/sling.asc](https://people.apache.org/keys/group/sling.asc) + + 1. Type the following command replacing the word `<e-mail>` with your Apache's one (<committer>@apache.org) to get the key signature + + $ gpg --fingerprint <e-mail> + + The key signature is in the output following the `Key fingerprint = ` part. + + 1. Add the key signature into the field 'OpenPGP Public Key Primary Fingerprint' in your profile at [https://id.apache.org](https://id.apache.org). + + 1. You are *DONE*, but to see the changes on [https://people.apache.org/keys/group/sling.asc](https://people.apache.org/keys/group/sling.asc) you may need to wait a few hours; -1. Now add your public key to <https://downloads.apache.org/sling/KEYS> by adding it via SVN to <https://dist.apache.org/repos/dist/release/sling/KEYS>, e.g. via +1. Now send an email to [email protected] requesting a PMC member to add your public key to <https://downloads.apache.org/sling/KEYS> by adding it via SVN to <https://dist.apache.org/repos/dist/release/sling/KEYS>, e.g. via $ svn checkout https://dist.apache.org/repos/dist/release/sling/ sling --depth empty $ cd sling
