I have to confess -- the documentation on ASF incubator and related does not lay out an easy 1, 2, 3 of what one should do with respect to setting up a release. Can someone please confirm whether :
uploading things to https://dist.apache.org/ ? is the place to upload? If so, where are the instructions to do that? Do I have credentials? Otherwise I believe I have grokked enough of the signing process to know how to do that -- again a 1, 2, 3 of here's how you upload the public key to KEYS, would help here. Cheers, Stefan On Sat, Sep 6, 2025 at 10:32 PM Stefan Krawczyk <[email protected]> wrote: > Hey Mentors, > > Is this the right mental model: > > 1. Create a compressed file of the source release. > 2. Sign it > 3. Upload the release candidate + crypto signature to > https://dist.apache.org/ > 4. Vote > 5. Move release candidate to be actual release. > 6. Do any github/pypi stuff that's equivalent. > > ? > > Questions: > > 1. Can we sign up for automated release signing > <https://infra.apache.org/release-signing.html#automated-release-signing>? > Or explain if we do it off a laptop, how do we manage private keys? > 2. How do we get access to uploading things to https://dist.apache.org/ ? > 3. It seems like there is no single way to sign a package, we just have to > sign it with something that's approved, right? > 4. Who can create the pypi packages with the apache- prefix? Is that > something infra owns? Or we do it ourselves? I want to dual publish the > packages. > > Cheers, > > Stefan >
