[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: 1.7.5 candidates

From: Johan Corveleyn <jcorvel_at_gmail.com>
Date: Tue, 15 May 2012 17:40:40 +0200

On Tue, May 15, 2012 at 5:16 PM, C. Michael Pilato <cmpilato_at_collab.net> wrote:
> On 05/15/2012 11:04 AM, Philip Martin wrote:
>> Philip Martin <philip.martin_at_wandisco.com> writes:
>>
>>> Please add your signatures to the .asc files there.
>>> You can use the release.py script for this:
>>>  release.py sign-candidates --target /path/to/dist/dev/subversion/wc 1.7.5
>>> which is the equivalent of running the following command for each
>>> tarball:
>>>  gpg -ba -f - subversion-1.6.18.tar.bz2 >> subversion-1.6.18.tar.bz2.asc
>>
>> I copied this from previous announcements but I'm not sure the release
>> process is right here.  The "release.py sign-candidates" suggestion
>> implies that we expect people to sign all the files but for previous
>> releases, when I was not release manager, I only signed the Unix
>> tarballs since that is what I tested.  If people sign all the files it
>> makes it harder to determine whether we have the required number of
>> Windows/Unix signatures.
>>
>> We currently have 5 signatures on the Unix tarballs and 6 signatures on
>> the Windows zip file but from the mails to dev I believe that 1.7.5
>> still requires another "real" Windows signature.
>
> I've never signed the Windows ZIP files, and don't see why I should when I
> haven't personally verified their content.  I suspect Johan and Paul are the
> only folks who've really tested the release on Windows.

Yes, and I only signed the windows zip file.

I use this command (-o instead of -f, the latter doesn't seem to be
supported by my gpg):

    gpg -ba -o - subversion-1.7.5.zip >> subversion-1.7.5.zip.asc

-- 
Johan
Received on 2012-05-15 17:41:31 CEST

This is an archived mail posted to the Subversion Dev mailing list.