A work in progress...
...
Introduction
This document is intended for first-time reviewers and those who could benefit from additional information about the Apache software release process or specific tools needed to accomplish the review.
General getting-started information
...
Requirements:
- Command line interface (e.g., GitBash (Windows), PowerShell (Windows), and UNIX Terminal)
Additional
...
(optional) tools:
tbd
...
Download the release candidate
...
1a Check that Checksums are valid
TO DO Add information about tools to use, tips, and tricks for checking this information.
Command line interface
To generate checksums, navigate to the directory containing the .zip file and run the CertUtil command. for SHA512, SHA1, and MD5 hashes:
The default gives you the SHA1 hash:
CertUtil -hashfile 'apache-taverna-parent-2-incubating-source-release.zip'
Add SHA512 and MD5, as shown below, to generate those hashes.
CertUtil -hashfile 'apache-taverna-parent-2-incubating-source-release.zip' SHA512
CertUtil -hashfile 'apache-taverna-parent-2-incubating-source-release.zip' MD5
What's the best way to compare the checksums from the email and the .md5 and .sha1 files?
1b Check that PGP signature is valid
TO DO Add information about PGP tools, procedure.
...