Welcome to the development directory.


# Adding Signatures

To add a vote to verify a release, follow these steps.

- Verify the signatures.

Check out this directory and verify the signatures as follows:

  make verify

- Add your signature.

To add your signature to all tarballs, run the following:

  make sign

Only check in the signatures you want to commit to.

Note:

Due to this bug in GPG all signatures need to be signed by the
same type of key: https://dev.gnupg.org/T1462

# Adding new releases

To upload a potential release to this directory, follow these
steps.

- Create ChangeLog file.

Start with copying the ChangeLog file, renaming the file to the
following pattern:

  ChangeLog-[tagname]

The tagname is the name and version of the release.

- Add the tarballs.

Copy the tarballs into the directory, named as follows:

  [tagname].tar.gz
  [tagname].tar.bz2

The tagname of the tarball must match the tagname in the
ChangeLog, or the tarballs will be ignored.

- Create hashes for the tarballs.

Run the following to generate sha256 hashes:

  make hash

Without a valid hash, the tarballs will be ignored.

- Create signatures for the tarballs.

Run the following to create the initial GPG signature, or
to add an additional signature.

  make sign

If the incorrect number of signatures are missing, the
tarballs will be ignored.

- Autopromote

When the ChangeLog is named correctly, when corresponding
tarballs sharing the same tagname as the ChangeLog is
present, when the SHA256 hash is correct, and when at
least two signatures are present on each tarball, the
release will be promoted automatically to both the
archive and the release directory.