-
Notifications
You must be signed in to change notification settings - Fork 30.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
doc: reorg release team to separate section
included: * commands to run to import all active keys * list of previous Node.js releasers key details PR-URL: #2455 Reviewed-By: Colin Ihrig <[email protected]>
- Loading branch information
Showing
1 changed file
with
33 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -57,15 +57,16 @@ to verify that the file has not been tampered with. | |
|
|
||
| To verify a SHASUM256.txt.asc, you will first need to import all of | ||
| the GPG keys of individuals authorized to create releases. They are | ||
| listed at the bottom of this README. Use a command such as this to | ||
| import the keys: | ||
| listed at the bottom of this README under [Release Team](#release-team). | ||
| Use a command such as this to import the keys: | ||
|
|
||
| ``` | ||
| $ gpg --keyserver pool.sks-keyservers.net \ | ||
| --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D | ||
| ``` | ||
|
|
||
| _(Include each of the key fingerprints at the end of this command.)_ | ||
| _(See the bottom of this README for a full script to import active | ||
| release keys)_ | ||
|
|
||
| You can then use `gpg --verify SHASUMS256.txt.asc` to verify that the | ||
| file has been signed by an authorized member of the io.js team. | ||
|
|
@@ -336,21 +337,16 @@ that forms the _Technical Steering Committee_ (TSC) which governs the project. F | |
| information about the governance of the io.js project, see | ||
| [GOVERNANCE.md](./GOVERNANCE.md). | ||
|
|
||
| ======= | ||
| ### TSC (Technical Steering Committee) | ||
|
|
||
| * **Ben Noordhuis** <[email protected]> ([@bnoordhuis](https://github.com/bnoordhuis)) | ||
| * **Bert Belder** <[email protected]> ([@piscisaureus](https://github.com/piscisaureus)) | ||
| * **Fedor Indutny** <[email protected]> ([@indutny](https://github.com/indutny)) | ||
| * **Trevor Norris** <[email protected]> ([@trevnorris](https://github.com/trevnorris)) | ||
| * **Chris Dickinson** <[email protected]> ([@chrisdickinson](https://github.com/chrisdickinson)) | ||
| - Release GPG key: 9554F04D7259F04124DE6B476D5A82AC7E37093B | ||
| * **Rod Vagg** <[email protected]> ([@rvagg](https://github.com/rvagg)) | ||
| - Release GPG key: DD8F2338BAE7501E3DD5AC78C273792F7D83545D | ||
| * **Jeremiah Senkpiel** <[email protected]> ([@fishrock123](https://github.com/fishrock123)) | ||
| - Release GPG key: FD3A5288F042B6850C66B31F09FE44734EB7990E | ||
| * **Colin Ihrig** <[email protected]> ([@cjihrig](https://github.com/cjihrig)) | ||
| - Release GPG key: 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 | ||
| * **Alexis Campailla** <[email protected]> ([@orangemocha](https://github.com/orangemocha)) | ||
| * **Julien Gilli** <[email protected]> ([@misterdjules](https://github.com/misterdjules)) | ||
| * **James M Snell** <[email protected]> ([@jasnell](https://github.com/jasnell)) | ||
|
|
@@ -393,3 +389,32 @@ information about the governance of the io.js project, see | |
|
|
||
| Collaborators & TSC members follow the [COLLABORATOR_GUIDE.md](./COLLABORATOR_GUIDE.md) in | ||
| maintaining the io.js project. | ||
|
|
||
| ### Release Team | ||
|
|
||
| Releases of Node.js and io.js will be signed with one of the following GPG keys: | ||
|
|
||
| * **Chris Dickinson** <[email protected]>: `9554F04D7259F04124DE6B476D5A82AC7E37093B` | ||
| * **Colin Ihrig** <[email protected]> `94AE36675C464D64BAFA68DD7434390BDBE9B9C5` | ||
| * **Jeremiah Senkpiel** <[email protected]> `FD3A5288F042B6850C66B31F09FE44734EB7990E` | ||
| * **Rod Vagg** <[email protected]> `DD8F2338BAE7501E3DD5AC78C273792F7D83545D` | ||
|
|
||
| The full set of trusted release keys can be imported by running: | ||
|
|
||
| ``` | ||
| gpg --keyserver pool.sks-keyservers.net --recv-keys 9554F04D7259F04124DE6B476D5A82AC7E37093B | ||
| gpg --keyserver pool.sks-keyservers.net --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 | ||
| gpg --keyserver pool.sks-keyservers.net --recv-keys FD3A5288F042B6850C66B31F09FE44734EB7990E | ||
| gpg --keyserver pool.sks-keyservers.net --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D | ||
| ``` | ||
|
|
||
| See the section above on [Verifying Binaries](#verifying-binaries) for | ||
| details on what to do with these keys to verify a downloaded file is official. | ||
|
|
||
| Previous releases of Node.js have been signed with one of the following GPG | ||
| keys: | ||
|
|
||
| * Julien Gilli <[email protected]> `114F43EE0176B71C7BC219DD50A3051F888C628D` | ||
| * Timothy J Fontaine <[email protected]> `7937DFD2AB06298B2293C3187D33FF9D0246406D` | ||
| * Isaac Z. Schlueter <[email protected]> `93C7E9E91B49E432C2F75674B0A78B0A6C481CF6` | ||
| >>>>>>> b6a4c05... doc: reorg release team to separate section | ||