Create a code signing key
Install GNU GPG
Create a gpg config file eg c:\gpg\conf\gpg.conf with this contents:
utf8-strings
keyserver x-hkp://pgp.surfnet.nl/
default-cert-check-level 3
keyserver-options auto-key-retrieve include-subkeys
no-mangle-dos-filenames
no-secmem-warning
Set the GNUPGHOME environment var to point to that: set GNUPGHOME=\gpg\conf
gpg --gen-key
accept all defaults, use your apache email and a comment like "Code Signing Key", eg:
Real name: Ant Elder
Email address: antelder@apache.org
Comment: Code Signing Key
Use long hard to guess passphrase with numbers and miss spellings etc
now should be able to show that key with: gpg --list-keys
C:\>gpg --list-keys
/gpgtest/conf\pubring.gpg
-------------------------
pub 1024D/481240F5 2007-06-28
uid Ant Elder (Code Signing Key) <antelder@apache.org>
sub 2048g/F6F122B8 2007-06-28
Upload that to a key server using the keyid, eg gpg --send-key 481240F5
Now if you go to http://pgp.surfnet.nl/ you should be able to search for you name and find the uploaded key
Add this key to the KEYS file in the Tuscany SVN: https://svn.apache.org/repos/asf/incubator/tuscany/KEYS
eg, check out the KEYS file then update with:
(gpg --list-sigs antelder@apache.org && gpg --armor --export antelder@apache.org) >> KEYS
| 
