|Description||Release Engineering ("RelEng") is the official Gentoo project focused on coordinating and improving the creation of official media releases of Gentoo Linux and the associated tools used by the installation process.|
|Mailing firstname.lastname@example.org (archive)|
|IRC channel||#gentoo-releng (webchat)|
Last elected: 2021-05-21
(and inherited member(s))
Release Engineering ("RelEng") is the official Gentoo project focused on coordinating and improving the creation of official media releases of Gentoo Linux and other Gentoo operating systems. It is also primarily responsible for many of the tools used by the installation process, including Catalyst and genkernel. It was also responsible in the past for the Gentoo Linux Installer (GLI).
The goals of Release Engineering are to continually improve the quality, timeliness and overall procedures for creating official Gentoo Linux releases, as well as acting as the official coordinators for creating new Gentoo Linux release media. This project is very much focused on ensuring that the initial quality of every official release is as high as possible, and that the "from CD" experience is as positive for as many of our users as possible.
Release security and signing
All release media will have its DIGESTS file signed by one of the Gentoo Linux Release Engineering (email@example.com) PGP keys listed on this page. The keys are available through the subkeys.pgp.net keyserver. They can be used to verify that the media is, in fact, the media shipped by Release Engineering and not from a potential attacker. You will find more detailed verification instructions in the handbooks for each release.
New keys and changes to existing keys will be announced to the following Gentoo mailing lists: gentoo-dev-announce, gentoo-announce, gentoo-core.
Releases up to and including 2007.0 had PGP signatures directly on top of the files. This required large quantities of disk IO for generation on the servers, and validation on the client side. As such, as of the 2008.0 release, the DIGESTS file is now signed instead, making verification a two-step process, but overall much quicker.
During 2011, the DIGESTS files were also expanded to contain hashes other than SHA1 and MD5, to provide more secure validation.
Obtaining the public key:
gpg --keyserver subkeys.pgp.net --recv-keys <key id>
Verify the cryptographic signature:
gpg --verify <foo.DIGESTS.asc>
Verify the checksum (at least one of these hashes will exist):
sha512sum -c <foo.DIGESTS.asc>
sha256sum -c <foo.DIGESTS.asc>
sha1sum -c <foo.DIGESTS.asc>
|Key ID||Key Type||Key Fingerprint||Key Description||Created||Expires||Revoked||Notes|
||Gentoo-keys Team signing key <firstname.lastname@example.org>||2014-10-03||2018-12-31||Non-automated.|
||Gentoo Portage Snapshot signing Key (Automated signing key)||2011-11-25||2019-01-01|
||Gentoo Linux Release Engineering (Gentoo Linux Release signing Key)||2004-07-20||2020-07-01||Non-automated.|
||Gentoo Linux Release Engineering (Automated weekly release key)||2009-08-25||2020-01-01|
||Gentoo Portage Snapshot signing key (Automated Signing Key)||2007-11-25||2012-05-23||2012-05-23||Superceded by 0xDB6B8C1F96D8BF6D|
||Gentoo Portage Snapshot signing key (Automated signing key)||2004-11-11||2005-11-11||2007-11-25||Revoked for changeover.|
||Gentoo Portage Snapshot signing key (Automated signing key)||2005-11-23||2007-11-23||2007-11-23||Revoked for changeover.|
Resources offered by the Release Engineering Project:
- Release guidelines — covers both the QA and release guidelines for the Gentoo Linux biannual release system.
Hall of Honor
Over the eons, many developers have come and gone. The best of them left a lasting impression so we honor them here, in the Gentoo Hall of Honor.
|wolf31o2||One of our early leaders. Even now it is still hard to find code without his name on it.|
|agaffney||Creator of the autobuild process. He will never be forgiven for it.|