slawekjaranowski commented on code in PR #448:
URL: https://github.com/apache/maven-site/pull/448#discussion_r1334483033
##########
content/apt/developers/release/pmc-gpg-keys.apt:
##########
@@ -28,146 +28,175 @@
Introduction
- You need to add your GPG keys in
{{https://svn.apache.org/repos/asf/maven/project/KEYS}} before a release. Here
are some
- useful {{{http://www.gnupg.org/}GnuPG}} commands to generate your Keys.
+ <<Before>> a release You need to publish your Public GPG Keys in several
place used by different tools for verifying release signatures.
-* gpg --gen-key
+ All Your historical Public Keys should be available for verifying historical
releases, so please <<don't remove>> any key used sometime.
--------
->gpg --gen-key
-gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
-This program comes with ABSOLUTELY NO WARRANTY.
-This is free software, and you are welcome to redistribute it
-under certain conditions. See the file COPYING for details.
-
-gpg: keyring `C:/Documents and Settings/Siveton Vincent/Application
Data/gnupg\secring.gpg'
-created
-gpg: keyring `C:/Documents and Settings/Siveton Vincent/Application
Data/gnupg\pubring.gpg'
-created
-Please select what kind of key you want:
- (1) DSA and Elgamal (default)
- (2) DSA (sign only)
- (5) RSA (sign only)
-Your selection? 1
-DSA keypair will have 1024 bits.
-ELG-E keys may be between 1024 and 4096 bits long.
-What keysize do you want? (2048) 2048
-Requested keysize is 2048 bits
-Please specify how long the key should be valid.
- 0 = key does not expire
- <n> = key expires in n days
- <n>w = key expires in n weeks
- <n>m = key expires in n months
- <n>y = key expires in n years
-Key is valid for? (0) 0
-Key does not expire at all
-Is this correct? (y/N) y
-
-You need a user ID to identify your key; the software constructs the user ID
-from the Real Name, Comment and Email Address in this form:
- "Heinrich Heine (Der Dichter) <[email protected]>"
-
-Real name: Vincent Siveton
-Email address: [email protected]
-Comment:
-You selected this USER-ID:
- "Vincent Siveton <[email protected]>"
-
-Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
-You need a Passphrase to protect your secret key.
-
-You don't want a passphrase - this is probably a *bad* idea!
-I will do it anyway. You can change your passphrase at any time,
-using this program with the option "--edit-key".
-
-We need to generate a lot of random bytes. It is a good idea to perform
-some other action (type on the keyboard, move the mouse, utilize the
-disks) during the prime generation; this gives the random number
-generator a better chance to gain enough entropy.
-++++++++++++++++++++.++++++++++..+++++++++++++++++++++++++++++++++++++++++++++++
-+++.+++++++++++++++.++++++++++++++++++++..+++++++++++++++>++++++++++............
-.........................+++++
-We need to generate a lot of random bytes. It is a good idea to perform
-some other action (type on the keyboard, move the mouse, utilize the
-disks) during the prime generation; this gives the random number
-generator a better chance to gain enough entropy.
-.+++++++++++++++..++++++++++++++++++++....+++++.++++++++++.++++++++++.++++++++++
-+++++.+++++++++++++++++++++++++++++++++++.+++++.++++++++++++++++++++++++++++++>+
-+++++++++>+++++>+++++......................................................>++++
-+......<.+++++........................+++++^^^
-gpg: C:/Documents and Settings/Siveton Vincent/Application
Data/gnupg\trustdb.gpg: trustdb
-created
-gpg: key 07DDB702 marked as ultimately trusted
-public and secret key created and signed.
-
-gpg: checking the trustdb
-gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
-gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
-pub 1024D/07DDB702 2006-10-10
- Key fingerprint = 71F6 F555 8A61 71C4 330D B868 84F4 D470 07DD B702
-uid Vincent Siveton <[email protected]>
-sub 2048g/D2814A59 2006-10-10
+ All new <<RSA>> keys generated should be at least <<4096>> bits. Do not
generate new DSA keys.
+
+* Maven Project Keys
+
+ Public Keys used for signing Maven core, plugins and shared components are
available for users at:\
+ {{https://downloads.apache.org/maven/KEYS}}
+
+ You need edit a file and follow provided instructions in SVN at:\
+ {{https://svn.apache.org/repos/asf/maven/project/KEYS}}
+
+* Distributing Your Public Keys
+
+ Your Public Keys <<MUST>> be available at public key server,
+ you can use one or evan all of currently common used key server
+
+ * {{https://keys.openpgp.org}}
+
+ * {{https://keyserver.ubuntu.com}}
+
+ * {{https://pgp.mit.edu}}
+ []
+
+* Committer public key files
+
+ You should also add Your Public Keys to
{{{https://people.apache.org/keys/committer}ASF Committer public key files}}
+
+ Please follow instructions at: {{https://people.apache.org/keys}}
+
+* Useful {{{http://www.gnupg.org/}GnuPG}} commands to generate Your Keys.
+
+** gpg --gen-key
+
+-------
+ >gpg --gen-key
+ gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
+ This program comes with ABSOLUTELY NO WARRANTY.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions. See the file COPYING for details.
+
+ gpg: keyring `C:/Documents and Settings/Siveton Vincent/Application
Data/gnupg\secring.gpg'
+ created
+ gpg: keyring `C:/Documents and Settings/Siveton Vincent/Application
Data/gnupg\pubring.gpg'
+ created
+ Please select what kind of key you want:
+ (1) DSA and Elgamal (default)
+ (2) DSA (sign only)
+ (5) RSA (sign only)
Review Comment:
you are right - example is very old
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
