[GitHub] nifi-site pull request #27: Added GPG Guide

Sat, 14 Jul 2018 06:45:41 -0700 

Github user markobean commented on a diff in the pull request:

    https://github.com/apache/nifi-site/pull/27#discussion_r202515416
  
    --- Diff: src/pages/markdown/gpg.md ---
    @@ -0,0 +1,522 @@
    +---
    +title: GPG (Gnu Privacy Guard / Open PGP) Signatures
    +---
    +
    +# Apache NiFi Release Signatures and Code Signing
    +
    +The purpose of this document is to capture and describe the steps involved 
in generating and verifying cryptographic signatures of official releases of 
Apache NiFi, as well as configuring cryptographic signatures of individual code 
commits.  It is written for contributors, committers, and users of Apache NiFi 
(and related applications).  
    +
    +## <a name="table-of-contents">Table of Contents</a>
    +  * [The Objective](#the-objective)
    +  * [Background Material](#background-material)
    +  * [Terms](#terms)
    +  * [Variable Reference Substitutions](#variable-reference-substitutions)
    +  * [Download GPG](#download-gpg)
    +  * [Setting up your key](#setting-up-your-key)
    +  * [Publish your key](#publish-your-key)
    +  * [Import another GPG key](#import-another-gpg-key)
    +  * [Verify a key](#verify-a-key)
    +  * [Web of trust](#web-of-trust)
    +  * [Set up Git with your key](#set-up-git-with-your-key)
    +  * [Sign commits](#sign-commits)
    +  * [Verifying a signature](#verifying-a-signature)
    +  * [Set up GitHub with your key](#set-up-github-with-your-key)
    +  * [Signing a release artifact](#signing-a-release-artifact)
    +  * [Verifying a release signature](#verifying-a-release-signature)
    +
    +## <a name="the-objective">The Objective</a>
    +
    +Our aim is to instruct users on how to sign their commits, verify other's 
signatures, and do the same for official releases of Apache NiFi. 
    +  
    +## <a name="background-material">Background Material</a>
    +
    +  - These documents are helpful for general environmental setup to perform 
GPG signing and signature verification: 
    +    - [Apache PGP Info][apache-pgp]
    +    - [Apache Release Signing][apache-release-signing]
    +    - [Git Ready: Signing Releases with GPG][git-sign-tag-instructs]
    +    - [RFC 4880: IETF Standard Spec for OpenPGP][rfc-4880]
    +    - [GitHub Blog: GPG Signature Verification][github-gpg-signing]
    +    - [Git Ready: gpg-sign releases][git-sign-tag-instructs]
    +    - [GitHub Help: Signing Commits Using GPG][github-help-gpg]
    +    - [GitHub Help: Telling Git About Your GPG Key][git-config-gpg]
    +    - [Git Docs: Git Tools Signing Your Work][git-gpg]
    +    - [PGP Web of Trust][web-of-trust]
    +
    +## <a name="terms">Terms</a>
    --- End diff --
    
    Add definitions of "PGP" and "GPG" to terms. Useful on its own, but also 
these acronyms are so similar and can look like an inadvertent typo.


---

Reply via email to