Google Git
Sign in
apache/tooling-trusted-releases

Apache Trusted Releases

Mirrored from https://github.com/apache/tooling-trusted-releases.git
Clone this repo:

Branches

More...
  1. 75e749f Bump actions/cache from 5.0.3 to 5.0.4 by dependabot[bot] · 7 days ago main
  2. dcd8d9b Remove the unused file upload staging mechanism by Sean B. Palmer · 9 hours ago sbp
  3. ed6b219 Remove unused code in the GET upload module by Sean B. Palmer · 9 hours ago
  4. 03f4030 Combine multiple uploaded files into a single JS request by Sean B. Palmer · 9 hours ago
  5. 355be9b Add a JSON response mode for when files are added by Sean B. Palmer · 9 hours ago

Apache Trusted Releases (ATR)

A prototype service for verifying and distributing Apache releases securely.

NOTE: New contributors must introduce themselves on the development mailing list first, to deter spam. Contributions are very welcome, but please do not submit a PR until you have introduced yourself.

Status

This repository contains code developed by the Apache Software Foundation (ASF) Tooling team.

As of January 2026, this code is available for internal ASF feedback only. The project is in alpha development and subject to significant changes.

We welcome feedback and discussion, but note that many known issues and design refinements are already scheduled for future iterations. Please review our issue tracker and inline comments before filing new issues.

Alpha test deployment: https://release-test.apache.org/

Note: This repository is not yet an officially maintained or endorsed ASF project. It does not represent final technical or policy decisions for future ASF Tooling products. The code is provided without guarantees regarding stability, security, or backward compatibility.

Quick start

Run with Docker Compose (recommended):

git clone https://github.com/apache/tooling-trusted-releases.git
cd tooling-trusted-releases
mkdir -p state
docker compose up --build

Then visit https://127.0.0.1:8080/ (accept the self-signed certificate).

See DEVELOPMENT.md for additional options including running without containers.

Documentation

DocumentDescription
DEVELOPMENT.mdQuick start guide for developers
BUILD.mdBuild instructions and Make targets
CONTRIBUTING.mdHow to contribute code
SUPPORT.mdGetting help and reporting issues
GOVERNANCE.mdProject governance

Online documentation: https://release-test.apache.org/docs/

Getting involved

Community feedback is encouraged! If you are an ASF committer or contributor interested in Trusted Releases:

  1. Try it out – The alpha test server allows you to experiment with the release process.

  2. Introduce yourself on the development mailing list: dev@tooling.apache.org

    Subscribe by sending email with empty subject and body to dev-subscribe@tooling.apache.org and replying to the automated response (per the ASF mailing list how-to).

  3. Share ideas or file issues: Use the GitHub Issues page to report bugs, suggest features, or discuss improvements.

  4. Chat with us: #apache-trusted-releases on ASF Slack

Contributing

See CONTRIBUTING.md for detailed contribution guidelines.

Key resources for contributors:

License

This project is licensed under the Apache License, Version 2.0.

Part of the Apache Tooling Initiative. For more information about the ASF, visit https://www.apache.org/.