jmeter-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Schumacher <felix.schumac...@internetallee.de>
Subject Re: Let's release a 5.1 ?
Date Fri, 08 Feb 2019 06:48:15 GMT


Am 7. Februar 2019 07:57:54 MEZ schrieb Felix Schumacher <felix.schumacher@internetallee.de>:
>
>
>Am 6. Februar 2019 22:39:24 MEZ schrieb Philippe Mouawad
><p.mouawad@ubik-ingenierie.com>:
>>Hello,
>>
>>We now have :
>>
>>   - 30 enhancements
>>   - 51 bugfixes
>>
>>I think the nightly is ready to be released.
>>
>>What's your opinion ?
>
>Yes. We should do a release. 
>
>>Is there a volunteer for release management ?
>
>I would be willing to do so, but I would need a pgp key like you do :) 
>
>>If not I'll try to , but I see there are some steps where I'll need
>>help
>>from usual release manager:
>>I don't understand this:
>>
>>   -
>>
>> If necessary, update the META file with your GPG key id (if you act
>as
>>   the release manager for the first time. Please visit
>>https://checker.apache.org/doc/README.html )  => HOW DO I GET The key
>>id
>>   ?
>
>You generate a pgp/gpg key pair. The key from that pair has an ID that
>is assigned automatically upon generation. 
>
>The public part of the pair will have to be signed by some known keys,
>so that it can be verified by others that have no direct contact to you
>(but trust the known keys). 
>
>>   -
>>    - The META file needs to be signed by the PMC Chair of project
>with
>>      this command:
>>
>>gpg -u emailOfPmcChairJMeter@apache.org --armor --output META.asc
>>--detach-sig META
>
>This is done to have a known place where our key ids can be found.
>Those key ids are signed by the chair, so others can verify that the
>project trusts those values. 
>
>>
>>=> Can I sign it or must it be milamber ?
>
>The meta file seems to be signed by milamber (but only when the id's
>are added) 
>
>>
>>
>>   - To verify the good signature, use this command:
>>
>>$ gpg --verify META.asc METAgpg: Signature made mar. 12 sept. 2017
>>18:05:19 WESTgpg:                using RSA key
>>C4923F9ABFB2F1A06F08E88BAC214CAA0612B399gpg:                issuer
>>"milamber@apache.org"gpg: Good signature from "Milamber (ASF)
>><milamber@apache.org>" [ultimate]gpg:                 aka "Milamber
>>(Milamberspace) <milamberspace@gmail.com>" [ultimate]
>>
>>=> When I do it
>>gpg --verify META.asc META
>>gpg: Signature made Tue 12 Sep 2017 05:05:19 PM UTC using RSA key ID
>>0612B399
>>gpg: Can't check signature: No public key
>
>I haven't tried that one, will have to do it when I am home again. 

You have to import milambers public key into your PGP installation. His key is together with
other jmeter keys in the KEYS file in the same directory as the META file. 

This can be done with 
 gpg - -import < KEYS

The next thing you would have to do is to check the signature of the keys are really those
of milamber, sebb and the others. 

Felix 

>
>>
>>
>>Sorry for stupid questions.
>
>PGP is hard to understand and to get correctly handled. 
>
>Regards, 
> Felix 
>
>>
>>
>>Regards
>>Philippe
>>
>>
>>
>>
>>
>>
>>
>>
>><https://www.openstreetmap.org/#map=18/50.69454/3.16455>

Mime
View raw message