-
Notifications
You must be signed in to change notification settings - Fork 29.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
doc: reorg release team to separate section & add @jasnell and @sam-github to release team #2455
Merged
Merged
Changes from all commits
Commits
Show all changes
2 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -50,15 +50,16 @@ to verify that the file has not been tampered with. | |
|
|
||
| To verify a SHASUM256.txt.asc, you will first need to import all of | ||
| the GPG keys of individuals authorized to create releases. They are | ||
| listed at the bottom of this README. Use a command such as this to | ||
| import the keys: | ||
| listed at the bottom of this README under [Release Team](#release-team). | ||
| Use a command such as this to import the keys: | ||
|
|
||
| ``` | ||
| $ gpg --keyserver pool.sks-keyservers.net \ | ||
| --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D | ||
| ``` | ||
|
|
||
| _(Include each of the key fingerprints at the end of this command.)_ | ||
| _(See the bottom of this README for a full script to import active | ||
| release keys)_ | ||
|
|
||
| You can then use `gpg --verify SHASUMS256.txt.asc` to verify that the | ||
| file has been signed by an authorized member of the Node.js team. | ||
|
|
@@ -328,21 +329,16 @@ that forms the _Technical Steering Committee_ (TSC) which governs the project. F | |
| information about the governance of the Node.js project, see | ||
| [GOVERNANCE.md](./GOVERNANCE.md). | ||
|
|
||
| ======= | ||
| ### TSC (Technical Steering Committee) | ||
|
|
||
| * **Ben Noordhuis** <[email protected]> ([@bnoordhuis](https://github.com/bnoordhuis)) | ||
| * **Bert Belder** <[email protected]> ([@piscisaureus](https://github.com/piscisaureus)) | ||
| * **Fedor Indutny** <[email protected]> ([@indutny](https://github.com/indutny)) | ||
| * **Trevor Norris** <[email protected]> ([@trevnorris](https://github.com/trevnorris)) | ||
| * **Chris Dickinson** <[email protected]> ([@chrisdickinson](https://github.com/chrisdickinson)) | ||
| - Release GPG key: 9554F04D7259F04124DE6B476D5A82AC7E37093B | ||
| * **Rod Vagg** <[email protected]> ([@rvagg](https://github.com/rvagg)) | ||
| - Release GPG key: DD8F2338BAE7501E3DD5AC78C273792F7D83545D | ||
| * **Jeremiah Senkpiel** <[email protected]> ([@fishrock123](https://github.com/fishrock123)) | ||
| - Release GPG key: FD3A5288F042B6850C66B31F09FE44734EB7990E | ||
| * **Colin Ihrig** <[email protected]> ([@cjihrig](https://github.com/cjihrig)) | ||
| - Release GPG key: 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 | ||
| * **Alexis Campailla** <[email protected]> ([@orangemocha](https://github.com/orangemocha)) | ||
| * **Julien Gilli** <[email protected]> ([@misterdjules](https://github.com/misterdjules)) | ||
| * **James M Snell** <[email protected]> ([@jasnell](https://github.com/jasnell)) | ||
|
|
@@ -385,3 +381,35 @@ information about the governance of the Node.js project, see | |
|
|
||
| Collaborators & TSC members follow the [COLLABORATOR_GUIDE.md](./COLLABORATOR_GUIDE.md) in | ||
| maintaining the Node.js project. | ||
|
|
||
| ### Release Team | ||
|
|
||
| Releases of Node.js and io.js will be signed with one of the following GPG keys: | ||
|
|
||
| * **Chris Dickinson** <[email protected]>: `9554F04D7259F04124DE6B476D5A82AC7E37093B` | ||
| * **Colin Ihrig** <[email protected]> `94AE36675C464D64BAFA68DD7434390BDBE9B9C5` | ||
| * **Sam Roberts** <[email protected]> `0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93` | ||
| * **Jeremiah Senkpiel** <[email protected]> `FD3A5288F042B6850C66B31F09FE44734EB7990E` | ||
| * **James M Snell** <[email protected]> `71DCFD284A79C3B38668286BC97EC7A07EDE3FC1` | ||
| * **Rod Vagg** <[email protected]> `DD8F2338BAE7501E3DD5AC78C273792F7D83545D` | ||
|
|
||
| The full set of trusted release keys can be imported by running: | ||
|
|
||
| ``` | ||
| gpg --keyserver pool.sks-keyservers.net --recv-keys 9554F04D7259F04124DE6B476D5A82AC7E37093B | ||
| gpg --keyserver pool.sks-keyservers.net --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 | ||
| gpg --keyserver pool.sks-keyservers.net --recv-keys 0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93 | ||
| gpg --keyserver pool.sks-keyservers.net --recv-keys FD3A5288F042B6850C66B31F09FE44734EB7990E | ||
| gpg --keyserver pool.sks-keyservers.net --recv-keys 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 | ||
| gpg --keyserver pool.sks-keyservers.net --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D | ||
| ``` | ||
|
|
||
| See the section above on [Verifying Binaries](#verifying-binaries) for | ||
| details on what to do with these keys to verify a downloaded file is official. | ||
|
|
||
| Previous releases of Node.js have been signed with one of the following GPG | ||
| keys: | ||
|
|
||
| * Julien Gilli <[email protected]> `114F43EE0176B71C7BC219DD50A3051F888C628D` | ||
| * Timothy J Fontaine <[email protected]> `7937DFD2AB06298B2293C3187D33FF9D0246406D` | ||
| * Isaac Z. Schlueter <[email protected]> `93C7E9E91B49E432C2F75674B0A78B0A6C481CF6` | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Were they not signed prior to issac?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no, v0.10.1 was the first signed stable, signed with
6C481CF6, I don't believe there was anyone else that should be in the list but we can amend if we discover otherwise (I haven't look through all of the releases tbh)