Dear Wiki user, You have subscribed to a wiki page or wiki category on "Commons Wiki" for change notification.
The following page has been changed by EmmanuelBourg: http://wiki.apache.org/jakarta-commons/SigningReleases The comment on the change is: Fixed some typo ------------------------------------------------------------------------------ Releases must be signed prior to release, but the procedure for how to sign releases hasn't been formalized so far. This document is a scratchboard to gather links and resources so that we can end up with a document with adequate info for the novice ReleaseManager, to be transcribed and put [http://www.apache.org/dev/ here]. - This procedure has been formalised and well documented for httpd, available at http://httpd.apache.org/dev/release.html. Java based projects may find the [http://commons.apache.org/releases commons release document] useful. + This procedure has been formalized and well documented for httpd, available at http://httpd.apache.org/dev/release.html. Java based projects may find the [http://commons.apache.org/releases commons release document] useful. Note that for some good commentary on how users can verify signatures (with some useful background), see http://httpd.apache.org/dev/verification.html @@ -79, +79 @@ * Unzip the install program * Run the install program (and restart) - * Press["Later"] on the registration screen. (We can preview indefinately for non-profit use.) + * Press["Later"] on the registration screen. (We can preview indefinitely for non-profit use.) * Enter your personal name and email (@apache.org), and a passphrase. (8 characters or more.) * After the keys are generated, open the PGPKeys applet. * Run Server/Send To/Domain Server to register your public key with pgp.com. @@ -100, +100 @@ == Publish your key to the KEYS file == - You need to publish just the '''public''' half of your PGP/GPG key so that users can download it to verify the signatures later. You must publish it to the KEYS file that should be checked into CVS - either in your subproject's area, or perhaps in a global KEYS file somewhere on Apache. You may also wish to publish it to public keyservers as well, although this is optional. Note that the ASF does not have a specific public keyserver. To publish your key to the KEYS file, just export the public half of your key into a plain text file, and then just copy and paste it into the KEYS file. You can optionally add a line above your key with your name on it, but this is not required. Be sure to checkin the KEYS file before uploading the release! + You need to publish just the '''public''' half of your PGP/GPG key so that users can download it to verify the signatures later. You must publish it to the KEYS file that should be checked into CVS - either in your subproject's area, or perhaps in a global KEYS file somewhere on Apache. You may also wish to publish it to public keyservers as well, although this is optional. Note that the ASF does not have a specific public keyserver. To publish your key to the KEYS file, just export the public half of your key into a plain text file, and then just copy and paste it into the KEYS file. You can optionally add a line above your key with your name on it, but this is not required. Be sure to check in the KEYS file before uploading the release! Some public servers you might consider: @@ -153, +153 @@ SIGNING - There is protocol for this, but basicly it comes down to this. + There is protocol for this, but basically it comes down to this. -- Find someone (we'll call him/her Joe) who is in the apache web-of-trust ; someone you can meet face-to-face. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
