THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
details here: http://www.apache.org/dev/release-signing.html#openpgp-ascii-detach-sig
c) Create MD5 checksum : apache-mxnet-src-#.#.#.rc0-incubating.tar.gz.md5
d) Create SHA checksum: apache-mxnet-src-#.#.#.rc0-incubating.tar.gz.sha512
| Code Block | ||||
|---|---|---|---|---|
| ||||
gpg --armor --output apache-mxnet-src-0.11.0-incubating.tar.gz.asc --detach-sig apache-mxnet-src-0.11.0-incubating.tar.gz
md5 apache-mxnet-src-0.11.0-incubating.tar.gz > apache-mxnet-src-0.11.0-incubating.tar.gz.md5
shasum -a 512 apache-mxnet-src-0.11.0-incubating.tar.gz > apache-mxnet-src-0.11.0-incubating.tar.gz.sha512 |
...
As per the Apache documentation, verify that the release candidate artifacts satisfy the following:
- PGP signatures and SHA256/MD5 checksum SHA256 checksum verification -
| Code Block |
|---|
svn co https://dist.apache.org/repos/dist/dev/incubator/mxnet && cd mxnet/#.#.#.rc0 brew install gpg coreutils gpg --import ../KEYS |
...
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
gpg --verify ./apache-mxnet-src-0.11.0.rc3-incubating.tar.gz.asc
gsha512sum --check ./apache-mxnet-src-0.11.0.rc1-incubating.tar.gz.sha512
gmd5sum --check ./apache-mxnet-src-0.11.0.rc3-incubating.tar.gz.md5 |
sha512
|
Step 1.11. Test the final release package (Committer or Contributor)
...
- TODO: link to Apache mirror source, pgp, sha, md5 sha
3.3. Update NEWS.md & README.md on the MXNet master branch ( can happen after the announcement).
...
*NOTES FROM DOCS FOR REFERENCE:* http://incubator.apache.org/guides/releasemanagement.html - 3 +1 votes from IPMC members (these are the votes that count but we should open up to the whole podling community) - For podlings, 2 additional constraints: - Release artifacts must include “incubating” in final file name (ex: apache-mxnet-src-0.10.1-incubating.tar.gz) - Release artifacts must include disclaimer in the release artifacts - The Incubator PMC expects the source releases to be staged on https://dist.apache.org/repos/dist/dev/incubator/podlingName so that they can easily be moved to the release location via svn mv ( http://www.apache.org/dist/incubator/) - After graduating, RC’s go into https://dist.apache.org/repos/dist/dev/ and official releases go into https://dist.apache.org/repos/dist/release/ http://incubator.apache.org/guides/branding.html#disclaimers - Apache Press Team [http://www.apache.org/press/index.html#whoweare] must review and coordinate releases for branding - On website and in release DISCLAIMER file: - Apache Podling-Name is an effort undergoing incubation at The Apache Software Foundation (ASF), sponsored by the name of Apache TLP sponsor. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. - Website should include Apache Incubator logo: http://incubator.apache.org/guides/press-kit.html - Release should include: - DISCLAIMER - LICENSE - NOTICE - attribution notices http://www.apache.org/legal/release-policy.html - A release must contain source package which is cryptographically signed by Release lead with detached signature. It must be tested prior to voting for release. - Release must only contain appropriately licensed code - Please ensure you wait >=24 hours after uploading a release before making announcements so mirrors catch up - Releases of more than 1GB of artifacts require a heads-up to Infrastructure in advance. - Which directory for what build? http://www.apache.org/legal/release-policy.html#build-directories http://www.apache.org/dev/release-distribution.html - Artifacts MUST be accompanied by: - apache-mxnet-src-0.10.1-incubating.asc - contains OpenPGP compatible ASCII armored detached signature - apache-mxnet-src-0.10.1-incubating.md5 - MD5 checksum - apache-mxnet-src-0.10.1-incubating.sha - SHA checksum (SHOULD) - Publish KEYS file in distribution directory root - Signing keys MUST be published in KEYS file, SHOULD be available in global public keyserver http://www.apache.org/dev/release-signing#keyserver, SHOULD be linked into web of trust - Keys MUST be RSA & 4096 bits http://www.apache.org/dev/release-publishing.html - Apache RAT can assist in checking license compliance http://creadur.apache.org/rat/ - Eventually we should set up a build system to sign our releases with cryptographic signatures. For now we’ll do it manually. http://www.apache.org/dev/release-signing.html - Create a signature and sign releases as mentioned above
...