1
0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00

Added note about importing release manager's public keys via GitHub API to checksums templates.

This commit is contained in:
Mariusz Felisiak 2020-12-07 11:45:38 +01:00 committed by GitHub
parent e23484484c
commit 85729545f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -232,7 +232,8 @@ OK, this is the fun part, where we actually push out a release!
#. Create a "checksums" file, ``Django-<<VERSION>>.checksum.txt`` containing #. Create a "checksums" file, ``Django-<<VERSION>>.checksum.txt`` containing
the hashes and release information. Start with this template and insert the the hashes and release information. Start with this template and insert the
correct version, date, GPG key ID (from correct version, date, GPG key ID (from
``gpg --list-keys --keyid-format LONG``), release URL, and checksums: ``gpg --list-keys --keyid-format LONG``), release manager's GitHub username,
release URL, and checksums:
.. code-block:: text .. code-block:: text
@ -241,14 +242,18 @@ OK, this is the fun part, where we actually push out a release!
To use this file, you will need a working install of PGP or other To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring; this key has the Django release manager's public key in your keyring. This key has
the ID ``XXXXXXXXXXXXXXXX`` and can be imported from the MIT the ID ``XXXXXXXXXXXXXXXX`` and can be imported from the MIT
keyserver. For example, if using the open-source GNU Privacy Guard keyserver, for example, if using the open-source GNU Privacy Guard
implementation of PGP: implementation of PGP:
gpg --keyserver pgp.mit.edu --recv-key XXXXXXXXXXXXXXXX gpg --keyserver pgp.mit.edu --recv-key XXXXXXXXXXXXXXXX
Once the key is imported, verify this file:: or via the GitHub API:
curl https://github.com/<<RELEASE MANAGER GITHUB USERNAME>>.gpg | gpg --import -
Once the key is imported, verify this file:
gpg --verify <<THIS FILENAME>> gpg --verify <<THIS FILENAME>>