From 85729545f11257b7790e098fb224637715263616 Mon Sep 17 00:00:00 2001 From: Mariusz Felisiak Date: Mon, 7 Dec 2020 11:45:38 +0100 Subject: [PATCH] Added note about importing release manager's public keys via GitHub API to checksums templates. --- docs/internals/howto-release-django.txt | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/docs/internals/howto-release-django.txt b/docs/internals/howto-release-django.txt index d63ddfa31a..d7fcf896fc 100644 --- a/docs/internals/howto-release-django.txt +++ b/docs/internals/howto-release-django.txt @@ -232,7 +232,8 @@ OK, this is the fun part, where we actually push out a release! #. Create a "checksums" file, ``Django-<>.checksum.txt`` containing the hashes and release information. Start with this template and insert the correct version, date, GPG key ID (from - ``gpg --list-keys --keyid-format LONG``), release URL, and checksums: + ``gpg --list-keys --keyid-format LONG``), release manager's GitHub username, + release URL, and checksums: .. code-block:: text @@ -241,14 +242,18 @@ OK, this is the fun part, where we actually push out a release! To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have - the Django release manager's public key in your keyring; this key has + the Django release manager's public key in your keyring. This key has the ID ``XXXXXXXXXXXXXXXX`` and can be imported from the MIT - keyserver. For example, if using the open-source GNU Privacy Guard + keyserver, for example, if using the open-source GNU Privacy Guard implementation of PGP: gpg --keyserver pgp.mit.edu --recv-key XXXXXXXXXXXXXXXX - Once the key is imported, verify this file:: + or via the GitHub API: + + curl https://github.com/<>.gpg | gpg --import - + + Once the key is imported, verify this file: gpg --verify <>