Release Guide (draft)

This document describes the process of doing an official release of Myriad.

Prerequisites

Apache requires signing the release artificats/archives using a OpenPGP compatible ASCII armored detached signature. Please read this document.

1. Ensure that you have a GPG key or generate a new one, e.g., using gpg --gen-key. Make sure to generate a RSA key with at least 4096 bits.

   smarella:~/myriad$ gpg --gen-key

   ....

   Please select what kind of key you want:

   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   Your selection? 1
   RSA keys may be between 1024 and 4096 bits long.
   What keysize do you want? (2048) 4096
   Requested keysize is 4096 bits
   ....

2. Add your GPG public key to the Apache Myriad dist repository in the KEYS file.

   a) Fetch the svn repository: svn co https://dist.apache.org/repos/dist/dev/incubator/myriad/

   b) Append your public key using one of methods described in KEYS: (gpg --list-sigs <your name> && gpg --armor --export <your name>) >> KEYS

   c) Push the commit: svn ci

3. Submit your GPG public key to a keyserver, e.g. MIT PGP Public Key Server.

4. Add your GPG fingerprint to your Apache account.

   smarella:~/myriad$ gpg --list-keys --fingerprint
   /home/smarella/.gnupg/pubring.gpg
   ---------------------------------
   pub 4096R/B26811FB 2015-10-20
   Key fingerprint = 5FB7 1C05 A37A 7818 BA60 915E 095F 054C B268 11FB
   uid Santosh Marella <marella@gmail.com>
   sub 4096R/5E42CE0D 2015-10-20

Useful Links

1. Guidelines for Apache Releases
   https://incubator.apache.org/guides/releasemanagement.html
   https://incubator.apache.org/incubation/Incubation_Policy.html#Releases
   https://incubator.apache.org/guides/release.html
2. Signing Releases
3. Apache Mesos Release Guide