Update release notes

After discussing the release process with @calleerlandsson and @mike-burns we decided to stop signing releases in order to simplify the process. Instead, a SHA-256 checksum will be available for the release tarball.
mptre · Aug 28, 2017 · e3332e2 · e3332e2
1 parent d7d25a8
commit e3332e2
Showing 1 changed file with 5 additions and 11 deletions.
diff --git a/DEVELOPING.md b/DEVELOPING.md
@@ -71,25 +71,19 @@ you agree to abide by its [Code of Conduct][conduct].
    $ git pull --rebase
    $ git push origin master
    $ git status
-   $ git tag --sign -m "v0.0.2" v0.0.2
+   $ git tag -m "v0.0.2" v0.0.2
    $ git push origin master --tags
    ```
 
-5. Sign the tarball:
+5. Generate checksum:
 
    ```sh
-   $ gpg -sab pick-0.0.2.tar.gz
+   $ sha256 pick-0.0.2.tar.gz >pick-0.0.2.sha256
    ```
 
-6. Verify the signature:
+6. [Announce the release on GitHub][announce].
 
-   ```sh
-   $ gpg --verify pick-0.0.2.tar.gz.asc pick-0.0.2.tar.gz
-   ```
-
-7. [Announce the release on GitHub][announce].
-
-8. Contact package maintainers:
+7. Contact package maintainers:
 
   * Aggelos Avgerinos <[email protected]> (Debian & Ubuntu)
   * Chunyang Xu <[email protected]> (MacPorts)