Also http://www.apache.org/dev/release-signing.html
However nothing I've come across so far shows you how to get started with gpg. Here are the gpg docs: http://webber.dewinter.com/gnupg_howto/english/GPGMiniHowto.html Don't use an online server to do this. You'll want to: * generate a key * generate a revocation certificate * copy these to a usb key, burn to CD, worth having multiple non-online backups. Once you've done that, you can then follow Noel's instructions on signing. I've always used the command line 'gpg', I'm not sure if there are any good front-ends, but they're listed on: http://www.gnupg.org/related_software/frontends.html Hen On 5/13/06, Noel J. Bergman <[EMAIL PROTECTED]> wrote:
> Now that the outage emergency is over, do you have those scripts handy? :-) There really isn't that much to doing this, which is kind of the whole point. I have the following in my build script, between building and posting: for i in *.zip; do gpg --output $i.asc --detach-sig --armor $i; done for i in *.gz; do gpg --output $i.asc --detach-sig --armor $i; done See http://wiki.apache.org/old/SigningReleases. See also: http://wiki.apache.org/old/AvalonReleaseManagerHowto/SigningReleases, but I don't recommend the technique for avoiding passphrase entry. --- Noel
