1
0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00

Added note about importing release manager's public keys via GitHub API to checksums templates.

This commit is contained in:
Mariusz Felisiak 2020-12-07 11:45:38 +01:00 committed by GitHub
parent e23484484c
commit 85729545f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -232,7 +232,8 @@ OK, this is the fun part, where we actually push out a release!
#. Create a "checksums" file, ``Django-<<VERSION>>.checksum.txt`` containing
the hashes and release information. Start with this template and insert the
correct version, date, GPG key ID (from
``gpg --list-keys --keyid-format LONG``), release URL, and checksums:
``gpg --list-keys --keyid-format LONG``), release manager's GitHub username,
release URL, and checksums:
.. code-block:: text
@ -241,14 +242,18 @@ OK, this is the fun part, where we actually push out a release!
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring; this key has
the Django release manager's public key in your keyring. This key has
the ID ``XXXXXXXXXXXXXXXX`` and can be imported from the MIT
keyserver. For example, if using the open-source GNU Privacy Guard
keyserver, for example, if using the open-source GNU Privacy Guard
implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key XXXXXXXXXXXXXXXX
Once the key is imported, verify this file::
or via the GitHub API:
curl https://github.com/<<RELEASE MANAGER GITHUB USERNAME>>.gpg | gpg --import -
Once the key is imported, verify this file:
gpg --verify <<THIS FILENAME>>