...

You should have a 4096 bit RSA PGP key for signing the release. This key should be in the Apache web of trust.

• http://apache.org/dev/release-signing.html^{Image Added}
• http://apache.org/dev/openpgp.html^{Image Added}

Maven setup

Put the following in ~/.m2/settings.xml. This will allow you to release and deploy to the apache maven repositories. Of course, it's best not to store your password in cleartext. See http://maven.apache.org/guides/mini/guide-encryption.html^{Image Added} for a guide on how to make this a little more secure.

<settings>
<servers>
<server>
     <id>apache.snapshots.https</id>
     <username>APACHE-ID</username>
     <password>APACHE-PASSWORD</password>
   </server>
   <server>
     <id>apache.staging.https</id>
     <username>APACHE-ID</username>
     <password>APACHE-PASSWORD</password>
   </server>
   <server>
     <id>apache.releases.https</id>
     <username>APACHE-ID</username>
     <password>APACHE-PASSWORD</password>
   </server>
</servers>
</settings>

SSH setup on people.apache.org

The release procedure will require multiple logins to people.apache.org. To avoid having to log in many times, ensure that you have ssh password less login set up for people.apache.org.

• http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/^{Image Added}

Making the release

The steps for releasing are as follows.

1. Create release branch
2. Generate release notes
3. Build and deploy artifacts
4. Test the built artifacts
5. Tag the release in Subversion
6. Run the vote
7. If vote gets +1 from 3 PMC members and no -1, release, otherwise fix and repeat from step 2.