On 28/10/2010 15:26, Scott Wilson wrote:
On 28 Oct 2010, at 10:19, Kris Popat wrote:
Hi
On 26 Oct 2010, at 17:46, Scott Wilson wrote:
Hi everyone,
I've been through the source code and licenses, and updated our existing
license documentation, and created the LICENSE and NOTICE files. I'm satisfied
we're in good shape in terms of the License Audit and Legal Audit part of the
release process [1].
I've also done work on the documentation; it still needs testing against the
release but is in a reasonable state now.
As far as the tracker goes, there is now only one issue outstanding issue [2].
I can't remember offhand the deadline we set for ourselves - are we still on
target? What's next?
Looks like we need to do testing and verifying of issues.
After this I think we should create the release branch, or do people think we
should do it now?
I guess if verifying the issues shows up something that needs an urgent fix it
would be a pain to have to sync branch and trunk. Also we may end up committing
more unit tests in the process. Lets just get the issues verified as soon as we
can!
I've updated the section on signatures on the release doc - included here.
The committers for the project need to provide public keys for the release,
each person who submits a key needs to keep the private key safe. These will
be included with the release in a KEYS file. The process of creating a key pair
should be consistent across the committers. Apache recommend using GNU Privacy
Guard to generate keys and sign the artifacts.
My public key is listed here:
http://pgp.mit.edu:11371/pks/lookup?search=Scott+Wilson+%3Cscott.bradley.wilson%40gmail.com%3E+&op=index
Mine is here...
http://pgp.mit.edu:11371/pks/lookup?search=paul+sharples&op=index
Committers without a code signing key should generate one - RSA 4096 bits
If committers have a DSA or RSA key of less than 2048 bits then a new one
should be generated for signing releases, again using RSA 4096 bit.
For committers who already have an RSA key of 2048 bits or more some
configuration of their client to avoid weaknesses are required. Instructions
on how to do this can be found here.
Kris
