jmeter-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philippe Mouawad <philippe.moua...@gmail.com>
Subject Re: Let's release a 5.1 ?
Date Thu, 07 Feb 2019 10:39:58 GMT
Hi Felix,
Ok by me if you want to be release manager on 5.1

Thanks for your clarifications.
Maybe amending the documentation of our release process would help .

For example to amend KEYS:
(gpg --list-sigs "First-Name Last-Name" && gpg --armor --export "First-Name
Last-Name") >> KEYS

See my notes inline.

Thanks

On Thu, Feb 7, 2019 at 7:58 AM Felix Schumacher <
felix.schumacher@internetallee.de> wrote:

>
>
> Am 6. Februar 2019 22:39:24 MEZ schrieb Philippe Mouawad <
> p.mouawad@ubik-ingenierie.com>:
> >Hello,
> >
> >We now have :
> >
> >   - 30 enhancements
> >   - 51 bugfixes
> >
> >I think the nightly is ready to be released.
> >
> >What's your opinion ?
>
> Yes. We should do a release.
>
> >Is there a volunteer for release management ?
>
> I would be willing to do so, but I would need a pgp key like you do :)
>
> >If not I'll try to , but I see there are some steps where I'll need
> >help
> >from usual release manager:
> >I don't understand this:
> >
> >   -
> >
> > If necessary, update the META file with your GPG key id (if you act as
> >   the release manager for the first time. Please visit
> >https://checker.apache.org/doc/README.html )  => HOW DO I GET The key
> >id
> >   ?
>
> You generate a pgp/gpg key pair. The key from that pair has an ID that is
> assigned automatically upon generation.
>

If you mean personal one for my apache id, I did that.

>
> The public part of the pair will have to be signed by some known keys, so
> that it can be verified by others that have no direct contact to you (but
> trust the known keys).
>

I don't remember how I did this but it seems it is also done

>
> >   -
> >    - The META file needs to be signed by the PMC Chair of project with
> >      this command:
> >
> >gpg -u emailOfPmcChairJMeter@apache.org --armor --output META.asc
> >--detach-sig META
>
> This is done to have a known place where our key ids can be found. Those
> key ids are signed by the chair, so others can verify that the project
> trusts those values.
>

So  the documentation is wrong ?
It should be :
The META file needs to be signed by the release manager  with this command:
gpg -u emailOfReleaseManagerMemberOfPmcChairJMeter@apache.org
<emailOfPmcChairJMeter@apache.org> --armor --output META.asc --detach-sig
META

Or I misunderstand ?


> >
> >=> Can I sign it or must it be milamber ?
>
> The meta file seems to be signed by milamber (but only when the id's are
> added)
>

So If I add my ID to KEYS, can I (you) sign it, or must it be Milamber ?

>
> >
> >
> >   - To verify the good signature, use this command:
> >
> >$ gpg --verify META.asc METAgpg: Signature made mar. 12 sept. 2017
> >18:05:19 WESTgpg:                using RSA key
> >C4923F9ABFB2F1A06F08E88BAC214CAA0612B399gpg:                issuer
> >"milamber@apache.org"gpg: Good signature from "Milamber (ASF)
> ><milamber@apache.org>" [ultimate]gpg:                 aka "Milamber
> >(Milamberspace) <milamberspace@gmail.com>" [ultimate]
> >
> >=> When I do it
> >gpg --verify META.asc META
> >gpg: Signature made Tue 12 Sep 2017 05:05:19 PM UTC using RSA key ID
> >0612B399
> >gpg: Can't check signature: No public key
>
> I haven't tried that one, will have to do it when I am home again.
>
> >
> >
> >Sorry for stupid questions.
>
> PGP is hard to understand and to get correctly handled.
>
I agree :-)

>
> Regards,
>  Felix
>
> >
> >
> >Regards
> >Philippe
> >
> >
> >
> >
> >
> >
> >
> >
> ><https://www.openstreetmap.org/#map=18/50.69454/3.16455>
>


-- 
Cordialement.
Philippe Mouawad.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message