[llvm][release] On release page, explain package types and verification #138144
Conversation
So that users can understand which they should use, particularly for Windows. The original text about community builds is kept as the last part.
DavidSpickett
changed the title
|
✅ With the latest revision this PR passed the Python code formatter. |
|
We could also have links up front to the major platform's packages (since we can predict what the URL will be), which would save most people even reading this but I'll tackle that later maybe. See what people think of this first. |
* Add reccomendation to windows part * Add sub-title before sources types
* Reword Windows a bit.
* Fix typos in the Windows section
|
Yes this needs definitely needs a release manager's input. |
|
Ping! |
|
Sorry for missing this. It looks good overall - but I wonder if we want to add something about the gpg files and that people should verified signed packages. |
|
I see there are signature files but I think I need to download a public key from somewhere to verify it. Is there one for llvm or is it the release manager's? As https://llvm.org/docs/HowToReleaseLLVM.html#tagging-the-llvm-release-candidates suggests. |
Pretty sure we linked to our keys in the old release text. You can find them on https://releases.llvm.org/ |
DavidSpickett
changed the title
|
Added gpg instructions. Might be missing some steps, I've not used it before. |
…ad of the github generated zip
|
Just realised that some come with a |
|
.jsonl comes from GitHub and you need to use "gh" to verify these. |
|
I've added instructions for using |
|
LGTM |
3 participants
Background: https://discourse.llvm.org/t/rfc-explaining-release-package-types-and-purposes/85985
So that users can understand which they should use, particularly for Windows. The original text about community builds is kept, after explaining the main release package formats.
In addition, explain how to use gpg or gh to verify the packages.