Jonathan Riddell skrev den 2016-12-20 11:58:
On 20 December 2016 at 08:12, Dag <dand...@get2net.dk> wrote:
- Who can generate the final release tarball. (pnt 4 below)
It must be someone with a trusted pgp key (I'm not trusted, so can't do
it).
It should take <30 minutes, so is there somebody out there who could help?

Any pgp key will do, the only requirement is a packager like myself
can verify it's the one the Calligra devs used which is usually done
by putting it on a pgp key server and putting the full fingerprint on
the release announcement web page and/or e-mails (not on a wiki as
Kirigami devs like to do).
Thought that was what the trust part should do, anybody could create a key and say they where a calligra dev. OTOH probably some of us would protest if calligra was released and none of us knew about it ;)


- Somewhere to upload tarball for testing/checking before released to
download.kde.org.
I thought about ftp://upload.kde.org/incoming but I don't think that is
possible?

You can't use upload.kde.org no but you could use share.kde.org or any
other of 100 services like Google Drive or Dropbox.

6. Publish tarball on download.kde.org (or possibly upload.kde.org)

very few people have direct access to download.kde.org, the normal
process is upload.kde.org and sysadmin request.
upload... would be fine with me.

7. Notify packagers and wait some time (a week?) for feedback

A week feels a bit much to me but as you wish
Less is more in this case. What would you suggest would be enough?

Jonathan

Reply via email to