Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit c16e100

Browse filesBrowse files
rvaggrvagg
committed
doc: reorg release team to separate section
included: * commands to run to import all active keys * list of previous Node.js releasers key details PR-URL: #2455 Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
1 parent e3e0014 commit c16e100
Copy full SHA for c16e100

File tree

Expand file treeCollapse file tree

1 file changed

+33
-8
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

1 file changed

+33
-8
lines changed
Open diff view settings
Collapse file

‎README.md‎

Copy file name to clipboardExpand all lines: README.md
+33-8Lines changed: 33 additions & 8 deletions
  • Display the source diff
  • Display the rich diff
Original file line numberDiff line numberDiff line change
@@ -57,15 +57,16 @@ to verify that the file has not been tampered with.
5757

5858
To verify a SHASUM256.txt.asc, you will first need to import all of
5959
the GPG keys of individuals authorized to create releases. They are
60-
listed at the bottom of this README. Use a command such as this to
61-
import the keys:
60+
listed at the bottom of this README under [Release Team](#release-team).
61+
Use a command such as this to import the keys:
6262

6363
```
6464
$ gpg --keyserver pool.sks-keyservers.net \
6565
--recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D
6666
```
6767

68-
_(Include each of the key fingerprints at the end of this command.)_
68+
_(See the bottom of this README for a full script to import active
69+
release keys)_
6970

7071
You can then use `gpg --verify SHASUMS256.txt.asc` to verify that the
7172
file has been signed by an authorized member of the io.js team.
@@ -336,21 +337,16 @@ that forms the _Technical Steering Committee_ (TSC) which governs the project. F
336337
information about the governance of the io.js project, see
337338
[GOVERNANCE.md](./GOVERNANCE.md).
338339

339-
=======
340340
### TSC (Technical Steering Committee)
341341

342342
* **Ben Noordhuis** &lt;info@bnoordhuis.nl&gt; ([@bnoordhuis](https://github.com/bnoordhuis))
343343
* **Bert Belder** &lt;bertbelder@gmail.com&gt; ([@piscisaureus](https://github.com/piscisaureus))
344344
* **Fedor Indutny** &lt;fedor.indutny@gmail.com&gt; ([@indutny](https://github.com/indutny))
345345
* **Trevor Norris** &lt;trev.norris@gmail.com&gt; ([@trevnorris](https://github.com/trevnorris))
346346
* **Chris Dickinson** &lt;christopher.s.dickinson@gmail.com&gt; ([@chrisdickinson](https://github.com/chrisdickinson))
347-
- Release GPG key: 9554F04D7259F04124DE6B476D5A82AC7E37093B
348347
* **Rod Vagg** &lt;rod@vagg.org&gt; ([@rvagg](https://github.com/rvagg))
349-
- Release GPG key: DD8F2338BAE7501E3DD5AC78C273792F7D83545D
350348
* **Jeremiah Senkpiel** &lt;fishrock123@rocketmail.com&gt; ([@fishrock123](https://github.com/fishrock123))
351-
- Release GPG key: FD3A5288F042B6850C66B31F09FE44734EB7990E
352349
* **Colin Ihrig** &lt;cjihrig@gmail.com&gt; ([@cjihrig](https://github.com/cjihrig))
353-
- Release GPG key: 94AE36675C464D64BAFA68DD7434390BDBE9B9C5
354350
* **Alexis Campailla** &lt;orangemocha@nodejs.org&gt; ([@orangemocha](https://github.com/orangemocha))
355351
* **Julien Gilli** &lt;jgilli@nodejs.org&gt; ([@misterdjules](https://github.com/misterdjules))
356352
* **James M Snell** &lt;jasnell@gmail.com&gt; ([@jasnell](https://github.com/jasnell))
@@ -393,3 +389,32 @@ information about the governance of the io.js project, see
393389

394390
Collaborators & TSC members follow the [COLLABORATOR_GUIDE.md](./COLLABORATOR_GUIDE.md) in
395391
maintaining the io.js project.
392+
393+
### Release Team
394+
395+
Releases of Node.js and io.js will be signed with one of the following GPG keys:
396+
397+
* **Chris Dickinson** &lt;christopher.s.dickinson@gmail.com&gt;: `9554F04D7259F04124DE6B476D5A82AC7E37093B`
398+
* **Colin Ihrig** &lt;cjihrig@gmail.com&gt; `94AE36675C464D64BAFA68DD7434390BDBE9B9C5`
399+
* **Jeremiah Senkpiel** &lt;fishrock@keybase.io&gt; `FD3A5288F042B6850C66B31F09FE44734EB7990E`
400+
* **Rod Vagg** &lt;rod@vagg.org&gt; `DD8F2338BAE7501E3DD5AC78C273792F7D83545D`
401+
402+
The full set of trusted release keys can be imported by running:
403+
404+
```
405+
gpg --keyserver pool.sks-keyservers.net --recv-keys 9554F04D7259F04124DE6B476D5A82AC7E37093B
406+
gpg --keyserver pool.sks-keyservers.net --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5
407+
gpg --keyserver pool.sks-keyservers.net --recv-keys FD3A5288F042B6850C66B31F09FE44734EB7990E
408+
gpg --keyserver pool.sks-keyservers.net --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D
409+
```
410+
411+
See the section above on [Verifying Binaries](#verifying-binaries) for
412+
details on what to do with these keys to verify a downloaded file is official.
413+
414+
Previous releases of Node.js have been signed with one of the following GPG
415+
keys:
416+
417+
* Julien Gilli &lt;jgilli@fastmail.fm&gt; `114F43EE0176B71C7BC219DD50A3051F888C628D`
418+
* Timothy J Fontaine &lt;tjfontaine@gmail.com&gt; `7937DFD2AB06298B2293C3187D33FF9D0246406D`
419+
* Isaac Z. Schlueter &lt;i@izs.me&gt; `93C7E9E91B49E432C2F75674B0A78B0A6C481CF6`
420+
>>>>>>> b6a4c05... doc: reorg release team to separate section

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.