> -----Original Message-----
> From: justin.erenkra...@gmail.com [mailto:justin.erenkra...@gmail.com] On
> Behalf Of Justin Erenkrantz
> Sent: woensdag 31 augustus 2016 14:04
> To: Bert Huijben <b...@qqmail.nl>
> Cc: dev@serf.apache.org
> Subject: Re: [Vote] Apache Serf 1.3.9 up for signing/testing
>
> On Wed, Aug 31, 2016 at 8:02 AM, Bert Huijben <b...@qqmail.nl> wrote:
> > If you still want to add your signature, please commit them to
> > https://dist.apache.org/repos/dist/release/serf
>
> I don't know what the process for doing that is any more. Any
> pointers? -- justin
Hi Justin,
This is the first time we did this for serf, so I just used the method we used
for Subversion for several years.
http://subversion.apache.org/docs/community-guide/releasing.html#tarball-signing
The usual procedure is a checkout of
https://dist.apache.org/repos/dist/dev/serf, which gets you the artifacts and
.asc files
I scripted the signing for myself by calling
$ gpg -ba -o - "$file" >> "$file.asc"
'-b' is for a detached signature
'-a' is for an ascii signature
'-o -' sends the output to stdout, which allows the forwarding with >>
Committing the .asc files back stores them in the staging area... but I just
copied them from there to the release area ^/release/serf. But PMC members can
just add the keys to the .asc files there.
We currently have 3 signatures, so we have everything we need for our first
proper ASF release tomorrow, but of course it will be useful if more developers
know how to provide the signatures.
Bert
