excellent. thanks PJ! I think I have an RC now! On Sat, Sep 13, 2025 at 3:31 PM PJ Fanning <[email protected]> wrote:
> You need to use svn for https://dist.apache.org/repos/dist > Your Apache ID and password are needed to authenticate. > You need to add a KEYS file to release/incubator/hamilton. > The RC should go in dev/incubator/hamilton. > If the release is 0.10.0 then create an 0.10.0-RC1 dir in > dev/incubator/hamilton and put all the RC files in it. > > I would suggest that you do a sparse checkout because dist.apache.org > is massive. > > svn checkout --depth immediates https://dist.apache.org/repos/dist dist > cd dist/dev > svn checkout https://dist.apache.org/repos/dist/dev/incubator/hamilton > incubator/hamilton > <https://dist.apache.org/repos/dist/dev/incubator/hamiltonincubator/hamilton> > cd ../release > svn checkout https://dist.apache.org/repos/dist/release/incubator/hamilton > incubator/hamilton > <https://dist.apache.org/repos/dist/release/incubator/hamiltonincubator/hamilton> > > Hopefully, you will end up with > dist > dist/dev > dist/dev/incubator/hamilton > dist/release > dist/release/incubator/hamilton > dist/test > > Other than subdirs, all of these dirs should be empty initially. > > Example KEYS file: > https://dist.apache.org/repos/dist/release/pekko/KEYS > > Example RC > > https://dist.apache.org/repos/dist/dev/incubator/amoro/0.8.0-incubating-RC2/ > > On Sat, 13 Sept 2025 at 21:21, Stefan Krawczyk > <[email protected]> wrote: > > > > I have to confess -- the documentation on ASF incubator and related does > > not lay out an easy 1, 2, 3 of what one should do with respect to setting > > up a release. Can someone please confirm whether : > > > > uploading things to https://dist.apache.org/ ? > > > > is the place to upload? If so, where are the instructions to do that? Do > I > > have credentials? > > > > Otherwise I believe I have grokked enough of the signing process to know > > how to do that -- again a 1, 2, 3 of here's how you upload the public key > > to KEYS, would help here. > > > > Cheers, > > > > Stefan > > > > > > On Sat, Sep 6, 2025 at 10:32 PM Stefan Krawczyk < > [email protected]> > > wrote: > > > > > Hey Mentors, > > > > > > Is this the right mental model: > > > > > > 1. Create a compressed file of the source release. > > > 2. Sign it > > > 3. Upload the release candidate + crypto signature to > > > https://dist.apache.org/ > > > 4. Vote > > > 5. Move release candidate to be actual release. > > > 6. Do any github/pypi stuff that's equivalent. > > > > > > ? > > > > > > Questions: > > > > > > 1. Can we sign up for automated release signing > > > < > https://infra.apache.org/release-signing.html#automated-release-signing>? > > > Or explain if we do it off a laptop, how do we manage private keys? > > > 2. How do we get access to uploading things to > https://dist.apache.org/ ? > > > 3. It seems like there is no single way to sign a package, we just > have to > > > sign it with something that's approved, right? > > > 4. Who can create the pypi packages with the apache- prefix? Is that > > > something infra owns? Or we do it ourselves? I want to dual publish the > > > packages. > > > > > > Cheers, > > > > > > Stefan > > > >
