[
https://issues.apache.org/jira/browse/HBASE-24572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17147214#comment-17147214
]
Sean Busbey commented on HBASE-24572:
-------------------------------------
I think historically we've used key ids in the "0xshort" format rather than key
fingerprints.
this would give us the keyid if there's a dedicated signing subkey:
{code}
$ gpg --keyid-format 0xshort --list-public-key [email protected] | grep "\[S\]"
| grep -o "0x[0-9A-F]*"
0x1016402D
{code}
this would give us the fingerprint of the master key of the signing key that
got used:
{code}
$ gpg --keyid-format 0xshort --fingerprint [email protected] | grep fingerprint
| cut -d = -f 2 | sed -e 's/^ *//'
3F43 08CB D7CD 5AD4 C1C4 DE9F E65E 11D4 0D80 DB7C
{code}
key id in 0xshort format for the master key of the signing key that got used:
{code}
$ gpg --keyid-format 0xshort --list-public-key [email protected] | head -n 1 |
grep -o "0x[0-9A-F]*"
0x0D80DB7C
{code}
> do-release vote template should include the fingerprint of the gpg key used
> to sign the release
> -----------------------------------------------------------------------------------------------
>
> Key: HBASE-24572
> URL: https://issues.apache.org/jira/browse/HBASE-24572
> Project: HBase
> Issue Type: Task
> Components: build, community
> Reporter: Nick Dimiduk
> Priority: Major
>
> Right now the template us substituting the release manager's email address in
> for the variable {{GPG_KEY}}. I think it doesn't hurt to make note of the
> email address, but what we really want here is the key's fingerprint, or some
> meaningly identifiable portion of it.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
