update verification script and add notes on signing keys (#2520)
diff --git a/dev/release/README.md b/dev/release/README.md
index 74faf25..dd54d65 100644
--- a/dev/release/README.md
+++ b/dev/release/README.md
@@ -56,6 +56,26 @@
- https://dist.apache.org/repos/dist/dev/arrow/KEYS
- https://dist.apache.org/repos/dist/release/arrow/KEYS
+### How to add signing key
+
+See instructions at https://infra.apache.org/release-signing.html#generate for generating keys.
+
+Committers can add signing keys in Subversion client with their ASF account. e.g.:
+
+``` bash
+$ svn co https://dist.apache.org/repos/dist/dev/arrow
+$ cd arrow
+$ editor KEYS
+$ svn ci KEYS
+```
+
+Follow the instructions in the header of the KEYS file to append your key. Here is an example:
+
+``` bash
+(gpg --list-sigs "John Doe" && gpg --armor --export "John Doe") >> KEYS
+svn commit KEYS -m "Add key for John Doe"
+```
+
## Process Overview
As part of the Apache governance model, official releases consist of signed
diff --git a/dev/release/verify-release-candidate.sh b/dev/release/verify-release-candidate.sh
index 8d107b90..7424def 100755
--- a/dev/release/verify-release-candidate.sh
+++ b/dev/release/verify-release-candidate.sh
@@ -138,7 +138,7 @@
# Note can't verify datafusion or datafusion-expr as they depend
# on datafusion-common which isn't published yet
- pushd datafusion-common
+ pushd datafusion/common
cargo publish --dry-run
popd
}
