[Cluster-devel] Upcoming changes to cluster releases

Fabio M. Di Nitto fdinitto at redhat.com
Tue Feb 16 11:55:16 UTC 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everybody,

I just landed a set of changes to improve our release process for cluster 3.

Here are the highlights:

- - tarballs will be released in both .gz and bz2 formats.
- - a Changelog-$VERSION will be available on the release area (same as
the one available in the announce emails).
- - a .sha256 file will also be available for each release to verify the
downloads.
- - for the more paranoid, the .sha256 file is signed with gpg (*).

As of today, we will _not_ update tarballs on the old
ftp://sources.redhat.com/pub/cluster/releases/

Please update your watchfiles to use:
https://fedorahosted.org/releases/c/l/cluster/

Cheers
Fabio

(*) In order to verify the release signature (example):

1) $ gpg --recv-keys 0x6CE95CA7

2) $ gpg --fingerprint 0x6CE95CA7
pub   4096R/6CE95CA7 2010-02-08
      Key fingerprint = 746F 4C0C A8C2 B82E CC0A  6948 08C8 1B2C 6CE9 5CA7
uid                  Cluster Release Team <cluster-devel at redhat.com>

3) $ gpg --check-sigs 0x6CE95CA7
pub   4096R/6CE95CA7 2010-02-08
uid                  Cluster Release Team <cluster-devel at redhat.com>
sig!3        6CE95CA7 2010-02-08  Cluster Release Team
<cluster-devel at redhat.com>
sig!         63549F8E 2010-02-08  Fabio M. Di Nitto <fabbione at fabbione.net>
sig!         0B437A89 2010-02-08  Fabio M. Di Nitto <fabbione at fabbione.net>
sig!         4CF8CD0C 2010-02-08  Lon Hohberger <lhh at redhat.com>

The key will always carry only the UIDs of the release managers.

4) $ gpg --verify cluster-3.0.8.sha256.asc cluster-3.0.8.sha256
gpg: Signature made Tue Feb 16 12:37:42 2010 CET using RSA key ID 6CE95CA7
gpg: Good signature from "Cluster Release Team <cluster-devel at redhat.com>"

Generally, step 1 to 3 are required only for a first time setup.

Please always consult any extensive gpg how to for more information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJLeoehAAoJEFA6oBJjVJ+OjA8P/iFhMjdVGYs/GUo0j/RSNzl+
a46BVyMzE/H6lPUDBZkyopuFNM0fgdMzHC5KNKcNyjO4gyVVp3/w16VoGjCfOzzk
mmEFq4xr8XOfgUzYoRvRHVVn4zOFHLQlwQ+sw7zlZGbQXZiUP/ffiL4czeSZnztS
0S1uHkMSykZpMq0fAYPBFmf9ipsN3QQzIjL069e1ZYE5TqoZFVE8L9qV5MA92MSP
Q+UAYUzRY7rsEguzCiM2oay/Xgi1cymYKQoUXEopRlPnebP/84Ntylkr5/w4mDqp
E2uFT1DOmFCR6EdcVpMrGSbqgeaq3IfM5otJIm8jwfzHqI9FkXM4onCKYv2ww+11
/aAzTz4Zdu66wPBfBghk/AsuIMsOLFgyqoWZYobswrAWaqJhHtfRy/OXE5G4Mt8+
mJEOiR9e1AqPvrwuvKfkNu1CysDNUzGBIc8nm7JXY7qjRjpd1q/+CKPJHj98/S/g
M0DkhCyfYh/oaDDC58RBzP1h3aKmFIRQ0AibvrQs6LHwWnfMznZ0kKENXvwXhV2A
qSHr0oLKEGClBYkr/7VXkzJxwqOntVz6R6NT/t6RO6e+v6zimqYLYNpi+jj2YFgU
6W+XgYTi9MkmibI4lsopDX1iz7rVw9VujFanH0KnOtO94lteGgkqEmJzLXH1vYyM
PZbO0x46MKn6xy0Ozf95
=tdgO
-----END PGP SIGNATURE-----

More information about the Cluster-devel mailing list