Hi

On 26 Oct 2010, at 17:46, Scott Wilson wrote:

> Hi everyone,
>
> I've been through the source code and licenses, and updated our
> existing license documentation, and created the LICENSE and NOTICE
> files. I'm satisfied we're in good shape in terms of the License
> Audit and Legal Audit part of the release process [1].
>
> I've also done work on the documentation; it still needs testing
> against the release but is in a reasonable state now.
>
> As far as the tracker goes, there is now only one outstanding
> issue [2].
>
> I can't remember offhand the deadline we set for ourselves - are we
> still on target? What's next?

Looks like we need to do testing and verifying of issues.
After this I think we should create the release branch, or do people
think we should do it now?

I've updated the section on signatures on the release doc - included
here.

The committers for the project need to provide public keys for the
release; each person who submits a key needs to keep the private key
safe. These will be included with the release in a KEYS file. The
process of creating a key pair should be consistent across the
committers. Apache recommend using GNU Privacy Guard to generate keys
and sign the artifacts.

Committers without a code signing key should generate one - RSA 4096
bits.

If committers have a DSA or RSA key of less than 2048 bits then a new
one should be generated for signing releases, again using RSA 4096 bit.

For committers who already have an RSA key of 2048 bits or more, some
configuration of their client to avoid weaknesses is required.
Instructions on how to do this can be found here.

Kris
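
An added example, not part of the original message or the project's release doc: a check of each committer's primary key against the key rules quoted above, reading the output of `gpg --list-keys --with-colons`. The sample listing, key IDs and names are constructed, and the action strings are this example's own wording.

```python
# Added example: audit GnuPG primary keys against the key rules in the email above.
# Input is the colon-delimited listing printed by `gpg --list-keys --with-colons`:
# field 1 = record type, 3 = key length, 4 = algorithm ID, 5 = key ID, 10 = user ID.

# OpenPGP public-key algorithm IDs (RFC 4880): 1-3 are RSA variants, 17 is DSA.
ALGO_NAMES = {1: "RSA", 2: "RSA", 3: "RSA", 17: "DSA"}

# Constructed sample listing (key IDs, hashes and names are made up).
SAMPLE_LISTING = """\
pub:u:4096:1:00000000000000A1:1288000000:::u:::scESC:
uid:u::::1288000000::0000000000000000000000000000000000000001::Committer One <one@example.org>:
pub:u:1024:17:00000000000000A2:1100000000:::u:::scESC:
uid:u::::1100000000::0000000000000000000000000000000000000002::Committer Two <two@example.org>:
pub:u:2048:1:00000000000000A3:1250000000:::u:::scESC:
uid:u::::1250000000::0000000000000000000000000000000000000003::Committer Three <three@example.org>:
pub:u:1024:1:00000000000000A4:1050000000:::u:::scESC:
uid:u::::1050000000::0000000000000000000000000000000000000004::Committer Four <four@example.org>:
"""


def classify(algo, bits):
    """Map (algorithm, key length) to the action the quoted rules ask for."""
    if algo in ("RSA", "DSA") and bits < 2048:
        return "regenerate as RSA 4096"
    if algo == "RSA":
        return "keep, configure client"  # existing RSA key of 2048 bits or more
    return "not covered by the policy"   # the email states no rule for this case


def audit_keys(listing):
    """Return [(key_id, user_id, algo, bits, action)] for each primary key."""
    results = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) >= 5 and f[2].isdigit() and f[3].isdigit():
            algo = ALGO_NAMES.get(int(f[3]), "algo " + f[3])
            bits = int(f[2])
            uid = f[9] if len(f) > 9 else ""  # some GnuPG versions put it here
            results.append([f[4], uid, algo, bits, classify(algo, bits)])
        elif f[0] == "uid" and results and not results[-1][1] and len(f) > 9:
            results[-1][1] = f[9]  # first uid record names the preceding key
    return [tuple(r) for r in results]


if __name__ == "__main__":
    for key_id, uid, algo, bits, action in audit_keys(SAMPLE_LISTING):
        print("%s  %-4s %5d  %-26s %s" % (key_id, algo, bits, action, uid))
```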