On Wed, 25 Aug 2004 20:01:54 -0700, Martin Cooper wrote:
> It looks like signatures have not been created for the distribution
> as uploaded to cvs.apache.org, so A3 isn't quite done yet. (Or perhaps
> we should have had an A2.5 for this. ;)

It was my understanding that signatures are required for true General Availability 
releases that are to be mirrored, but not-so-much for Alpha/Beta distributions that 
are not being mirrored (yet).  So, in the current set of checklists, the signing came 
into play as part of the "General Availability Release" gauntlet (B1-B6).

Though, it's true that <http://apache.org/dev/mirrors.html> says "All releases" rather 
than "All public releases."

Signing releases is yet-another-thing-todo, and I had been putting it off. But since 
James did some of the work this time, I had some bandwidth available, so I gave it a 
try. Turned out to be easy as pie. [At least if my signatures actually work :)] It 
should take someone ten or twenty minutes to get started, if you don't get bogged down 
in details.

I went through <http://nagoya.apache.org/wiki/apachewiki.cgi?SigningReleases>, and 
downloaded PGP 8.0 Freeware <http://www.pgpi.org/products/pgp/versions/freeware/>.

For Windows, you have to

[Onetime setup]

* Unzip the install program
* Run the install program, and restart
* Press [Later] on the registration screen. (We can preview indefinitely for 
non-profit use.)
* Enter your personal name and email (@apache.org), and a passphrase. (8 characters or 
more.)
* After the keys are generated, open the PGPKeys.
* Run Server/Send To/Domain Server to register your public key with pgp.com
* Run Keys/Export to save your public key as a text file. Add it to the Struts KEYS file.
* Close PGPKeys

[Signing ritual]

* Open PGPMail
* The document button brings up a standard file dialog. Select the *.zip and *.gz 
files to sign. Check "Detached Signature" and "Text Output".
* PGP generates plain-text *.sig files (which you can rename to *.asc).
* Upload the *.asc files to the distribution directory.

In this case, I've put the keys in my home directory, so someone can test them for me. 
(Help!)

* http://cvs.apache.org/~husted/struts/v1.2.2

(Of course, I've also added the Step-by-Step notes to the wiki page, for future 
reference.)

-Ted.

>
> --
> Martin Cooper
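
Added example, not part of the message above or of the Struts project's tooling: a shell function that checks a distribution directory against the signing ritual described there (every *.zip and *.gz has a renamed *.asc, and each *.asc is a text-output, detached signature). The function name and the status labels are made up for this illustration, and the check is structural only.

```shell
#!/bin/sh
# Added example: structural check of detached signatures in a release directory.
# It does not verify anything cryptographically; that needs the signer's
# public key from the KEYS file and a tool such as: gpg --verify FILE.asc FILE

# Print one line per problem found in directory $1. Return 0 only if every
# *.zip and *.gz artifact has a well-formed, armored, detached signature.
check_release_sigs() {
    dir=$1
    problems=0
    for artifact in "$dir"/*.zip "$dir"/*.gz; do
        [ -f "$artifact" ] || continue            # glob matched nothing
        sig="$artifact.asc"
        if [ ! -f "$sig" ]; then
            if [ -f "$artifact.sig" ]; then
                echo "UNRENAMED $artifact.sig"    # signed, but not renamed to .asc
            else
                echo "MISSING $sig"
            fi
            problems=$((problems + 1))
            continue
        fi
        first=$(head -n 1 "$sig" | tr -d '\r')    # Windows tools may write CRLF
        case $first in
            "-----BEGIN PGP SIGNATURE-----") ;;   # "Detached" + "Text Output"
            "-----BEGIN PGP MESSAGE-----")        # "Detached Signature" was not checked
                echo "NOT-DETACHED $sig"; problems=$((problems + 1)); continue ;;
            *)                                    # "Text Output" was not checked
                echo "NOT-ARMORED $sig"; problems=$((problems + 1)); continue ;;
        esac
        if ! grep -q '^-----END PGP SIGNATURE-----' "$sig"; then
            echo "TRUNCATED $sig"                 # upload cut the file short
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}
```

Run it as `check_release_sigs /path/to/dist` before uploading; an empty output and a zero exit status mean every artifact has a plausible signature file next to it.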


