Skip to content

Commit

Permalink
Document pgp artifact signing keys
Browse files Browse the repository at this point in the history
Closes #3084
  • Loading branch information
krmahadevan committed Mar 7, 2024
1 parent 832cff4 commit 4ea8ac4
Show file tree
Hide file tree
Showing 3 changed files with 55 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGES.txt
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
Current (7.10.0)
Fixed: GITHUB:3084: Document project's PGP artifact signing keys (Krishnan Mahadevan)
Fixed: GITHUB:3040: replace the usages of synchronized with ReentrantLock (Krishnan Mahadevan)
Fixed: GITHUB-3041: TestNG 7.x DataProvider works in opposite to TestNG 6.x when retrying tests. (Krishnan Mahadevan)
Fixed: GITHUB-3066: How to dynamically adjust the number of TestNG threads after IExecutorFactory is deprecated? (Krishnan Mahadevan)
Expand Down
37 changes: 37 additions & 0 deletions KEYS
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
pub rsa2048 2016-12-01 [SC]
C4F54D8622C95CC3F098721A0F13D5631D6AF36D
uid [ unknown] Krishnan Mahadevan (krmahadevan-key) <krishnan.mahadevan1978@gmail.com>
sig 3 0F13D5631D6AF36D 2016-12-01 [self-signature]
sub rsa2048 2016-12-01 [E]
sig 0F13D5631D6AF36D 2016-12-01 [self-signature]

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFhAKr0BCACpCBFAMXU7scE/5BmSA3strabxRphlB1g0M63I2zP5ibrzK63c
mTwz/rWwpeUnBgxe9wVArvvV2NFi4qNUqZVd5luxBIWE1btE8nSKLLuOSbTfOOW0
mXFBTnUQVDp1IYH8aX0lktbypiMifAio6YwFc35hHe8p+z9J4mzxS8BMutITcyG1
ze8yUabwo8jkBJzIHZhhcHE0Y+dOAmrHlkE5LKtqGnYLmcP0FZ3WEpp/0DsQ+drE
+APikLWQmqItdESZmp7J/qI1T3jLQ8V6+E8ZCgDfij+HxIl1BDThoDjqPs5paNYv
9KEtPslLudMS5Ffq3sCBtOYV9L6ee8gkazRPABEBAAG0R0tyaXNobmFuIE1haGFk
ZXZhbiAoa3JtYWhhZGV2YW4ta2V5KSA8a3Jpc2huYW4ubWFoYWRldmFuMTk3OEBn
bWFpbC5jb20+iQE5BBMBCAAjBQJYQCq9AhsDBwsJCAcDAgEGFQgCCQoLBBYCAwEC
HgECF4AACgkQDxPVYx1q823Dygf7BpWRvHhevZntcBZ2VAQhnfpsisqHKTDDIxde
U9SibR6CeVOKRqU1sPZSoZDwVWzpt0FF0fIEojbnvIMNrI4WgOT5xTr265irY33w
0p8Rjeco3IQSlaoZSGs/dw118TrwhCEcvBfiv7L5tETB1WlAF2SLxEbqP2wK2hTj
F4zE0SSmzztJaEJvVncw7EfFzHpLtRCAwoWmZqNnadQeeq6c52EnVOlqxzld8aO/
v8mOMvgfZvwvylKauPZN/mseXOQeVBJg0OF9gUlXhTK2nM0jUSNQvAp/MJ4IjV0P
GwHJi+YINJYMTU0pjkjBdThnFqD6waqeDUZJG/0CceLUlJdUEbkBDQRYQCq9AQgA
oQ0sIv/pfLE58MWBEOM0975BXnLTTzgbvbpY4AG9ZBecs2p2lFQ5VxwS6LO1LPPw
lZ829ry8k+6D1TQtxC31m1cJNUgTNHRR7Cc+qQTdWA7bHjJgZYrQBZbC62AM7q69
fu9fwVuVK65UzTLDWwAZ32mQXIwBa1RB/lz9pOWJJEr663yqh1IczY0FYKPyOjAf
YQ9RNFDcIRPEjP7TGd+tJIwDQHeimbSNAh6X4RY625vKKTxw0tJzXSXs2XisTYHj
iwENDHR/RNKJiW/VqEtwHGmwe60XJDX5GiW4Dp0Owk8LCG7m5ERx+OypBuoJ+VUt
qJlRyQ/Xi2DKO+dwqrVSawARAQABiQEfBBgBCAAJBQJYQCq9AhsMAAoJEA8T1WMd
avNtePEIAI/ncSquvPBOxPS7naiCShtTVxzC8MmwsqLmnx4lFGxy0ElSOwlWX6g7
2/KnIhXrMcpbbTtruv3DKNmh3br3nmFg7y2Rt+u+GLbY3Ms8BHQU7esPt4Hey4iH
/C/3F3KPV6gt9Mx2d4VQKSoinkavK77H7DRBtDMTyYpoqSS7wYLDQsJ0kPSCDupU
QXsc2cNyd0Pb89xfXqEE0ntrB63eThT5+loFm/eaP0mTdzLn+gQ/VruuPibxEoXL
0gK3z75V8muX20TJXhc4F3tGCkVZ8nDgnrbwj0e9FsqLfthYIDxjyc+JVU1ip5E/
3GB9FoYfKJ5nm4+32uWtSw+9cZWh4Bc=
=mMe+
-----END PGP PUBLIC KEY BLOCK-----
17 changes: 17 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -53,3 +53,20 @@ Refer our [Contributing](.github/CONTRIBUTING.md) section for detailed set of st

If your pull request involves fixing SonarQube issues then we would suggest that you please discuss this with the
[TestNG-dev](https://groups.google.com/forum/#!forum/testng-dev) before you spend time working on it.

### Verifying the signature

1. Download the `.asc` file from `https://repo1.maven.org/maven2/org/testng/testng/<versionGoesHere>`
2. Run the command `gpg --verify testng-7.9.0.jar.asc testng-7.9.0.jar`
3. You should see an output as below:

```bash
gpg: Signature made Tue Dec 26 15:06:16 2023 IST
gpg: using RSA key 0F13D5631D6AF36D
gpg: Good signature from "Krishnan Mahadevan (krmahadevan-key) <krishnan.mahadevan1978@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4F5 4D86 22C9 5CC3 F098 721A 0F13 D563 1D6A F36D
```

For more details regarding keys please refer [here](https://infra.apache.org/release-signing.html#verifying-signature)

0 comments on commit 4ea8ac4

Please sign in to comment.