Am 7. Februar 2019 07:57:54 MEZ schrieb Felix Schumacher
<[email protected]>:
>
>
>Am 6. Februar 2019 22:39:24 MEZ schrieb Philippe Mouawad
><[email protected]>:
>>Hello,
>>
>>We now have :
>>
>> - 30 enhancements
>> - 51 bugfixes
>>
>>I think the nightly is ready to be released.
>>
>>What's your opinion ?
>
>Yes. We should do a release.
>
>>Is there a volunteer for release management ?
>
>I would be willing to do so, but I would need a pgp key like you do :)
>
>>If not I'll try to , but I see there are some steps where I'll need
>>help
>>from usual release manager:
>>I don't understand this:
>>
>> -
>>
>> If necessary, update the META file with your GPG key id (if you act
>as
>> the release manager for the first time. Please visit
>>https://checker.apache.org/doc/README.html ) => HOW DO I GET The key
>>id
>> ?
>
>You generate a pgp/gpg key pair. The key from that pair has an ID that
>is assigned automatically upon generation.
>
>The public part of the pair will have to be signed by some known keys,
>so that it can be verified by others that have no direct contact to you
>(but trust the known keys).
>
>> -
>> - The META file needs to be signed by the PMC Chair of project
>with
>> this command:
>>
>>gpg -u [email protected] --armor --output META.asc
>>--detach-sig META
>
>This is done to have a known place where our key ids can be found.
>Those key ids are signed by the chair, so others can verify that the
>project trusts those values.
>
>>
>>=> Can I sign it or must it be milamber ?
>
>The meta file seems to be signed by milamber (but only when the id's
>are added)
>
>>
>>
>> - To verify the good signature, use this command:
>>
>>$ gpg --verify META.asc METAgpg: Signature made mar. 12 sept. 2017
>>18:05:19 WESTgpg: using RSA key
>>C4923F9ABFB2F1A06F08E88BAC214CAA0612B399gpg: issuer
>>"[email protected]"gpg: Good signature from "Milamber (ASF)
>><[email protected]>" [ultimate]gpg: aka "Milamber
>>(Milamberspace) <[email protected]>" [ultimate]
>>
>>=> When I do it
>>gpg --verify META.asc META
>>gpg: Signature made Tue 12 Sep 2017 05:05:19 PM UTC using RSA key ID
>>0612B399
>>gpg: Can't check signature: No public key
>
>I haven't tried that one, will have to do it when I am home again.
You have to import milambers public key into your PGP installation. His key is
together with other jmeter keys in the KEYS file in the same directory as the
META file.
This can be done with
gpg - -import < KEYS
The next thing you would have to do is to check the signature of the keys are
really those of milamber, sebb and the others.
Felix
>
>>
>>
>>Sorry for stupid questions.
>
>PGP is hard to understand and to get correctly handled.
>
>Regards,
> Felix
>
>>
>>
>>Regards
>>Philippe
>>
>>
>>
>>
>>
>>
>>
>>
>><https://www.openstreetmap.org/#map=18/50.69454/3.16455>
