On Tue, May 15, 2012 at 5:16 PM, C. Michael Pilato <cmpilato_at_collab.net> wrote:
> On 05/15/2012 11:04 AM, Philip Martin wrote:
>> Philip Martin <philip.martin_at_wandisco.com> writes:
>>
>>> Please add your signatures to the .asc files there.
>>> You can use the release.py script for this:
>>> release.py sign-candidates --target /path/to/dist/dev/subversion/wc 1.7.5
>>> which is the equivalent of running the following command for each
>>> tarball:
>>> gpg -ba -f - subversion-1.6.18.tar.bz2 >> subversion-1.6.18.tar.bz2.asc
>>
>> I copied this from previous announcements but I'm not sure the release
>> process is right here. The "release.py sign-candidates" suggestion
>> implies that we expect people to sign all the files but for previous
>> releases, when I was not release manager, I only signed the Unix
>> tarballs since that is what I tested. If people sign all the files it
>> makes it harder to determine whether we have the required number of
>> Windows/Unix signatures.
>>
>> We currently have 5 signatures on the Unix tarballs and 6 signatures on
>> the Windows zip file but from the mails to dev I believe that 1.7.5
>> still requires another "real" Windows signature.
>
> I've never signed the Windows ZIP files, and don't see why I should when I
> haven't personally verified their content. I suspect Johan and Paul are the
> only folks who've really tested the release on Windows.
Yes, and I only signed the windows zip file.
I use this command (-o instead of -f, the latter doesn't seem to be
supported by my gpg):
gpg -ba -o - subversion-1.7.5.zip >> subversion-1.7.5.zip.asc
--
Johan
Received on 2012-05-15 17:41:31 CEST