From be8ccd5ec7ea4fbecb37b4ad1e99616c33b3fb6f Mon Sep 17 00:00:00 2001 From: Shuxin Pan Date: Mon, 12 Jan 2026 21:14:57 +0800 Subject: [PATCH 1/5] feature: enhance release verification documentation with detailed steps and compliance checks --- website/community/release/verify-release.md | 187 +++++++++++++++- .../current/release/verify-release.md | 201 +++++++++++++++++- 2 files changed, 386 insertions(+), 2 deletions(-) diff --git a/website/community/release/verify-release.md b/website/community/release/verify-release.md index b4a1e94bf..316864278 100644 --- a/website/community/release/verify-release.md +++ b/website/community/release/verify-release.md 
@@ -2,5 +2,190 @@ id: 'verify-release' title: 'How to Verify Release' --- +For a detailed checklist, please refer to the official [Incubator Release Checklist](https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist). -For detailed check list, please refer to the official [check list](https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist). +### 1. Download the Release Candidate + +> **Prerequisite:** Ensure you have `gpg` or `gpg2` installed. + +:::caution Note +Downloading may take some time depending on your network connection. +::: + +Set environment variables for convenience (replace with actual versions): + +```shell +# Example: export RELEASE_VERSION=0.1.0 +# Example: export RC_VERSION=rc1 +export RELEASE_VERSION={release_version} +export RC_VERSION={rc_version} + +``` + +Download the artifacts: + +```shell +# Option 1: SVN checkout (Recommended, includes KEYS file) +svn co https://dist.apache.org/repos/dist/dev/incubator/fesod/${RELEASE_VERSION}-${RC_VERSION}/ fesod-dist-dev + +# Option 2: Wget individual files +wget https://dist.apache.org/repos/dist/dev/incubator/fesod/${RELEASE_VERSION}-${RC_VERSION}/apache-fesod-${RELEASE_VERSION}-src.tar.gz + +``` + +### 2. Verify Compliance and Integrity + +#### 2.1 Check Package Completeness + +The uploaded artifacts must contain: + +1. **Source Package** (Required) +2. **Signature file** (.asc, Required) +3. 
**Hash file** (.sha512, Required) + +#### 2.2 Verify GPG Signature + +**2.2.1 Import KEYS** + +```shell +# Download KEYS +curl https://dist.apache.org/repos/dist/dev/incubator/fesod/KEYS > KEYS + +# Import KEYS locally +gpg --import KEYS + +``` + +**2.2.2 Trust the Public Key (Optional but Recommended)** + +```shell +# Find the Key ID used for this release +gpg --edit-key + +# Type 'trust', select '5' (ultimate), confirm with 'y', then type 'quit' + +``` + +**2.2.3 Verify the Signature** + +```shell +# Verify Source Package +gpg --verify apache-fesod-${RELEASE_VERSION}-src.tar.gz.asc apache-fesod-${RELEASE_VERSION}-src.tar.gz + +``` + +> **Success Indicator:** The output must include **`Good signature`**. + +#### 2.3 Verify SHA512 Checksum + +**Mac OS / Linux:** + +```shell +# Verify Source Package +shasum -a 512 --check apache-fesod-${RELEASE_VERSION}-src.tar.gz.sha512 + +# Or manually compare +shasum -a 512 apache-fesod-${RELEASE_VERSION}-src.tar.gz +cat apache-fesod-${RELEASE_VERSION}-src.tar.gz.sha512 + +``` + +**Windows:** + +```shell +certUtil -hashfile apache-fesod-${RELEASE_VERSION}-src.tar.gz SHA512 + +``` + +### 3. Check Source Package Content (Crucial) + +Extract the source package: + +```shell +tar -xvf apache-fesod-${RELEASE_VERSION}-src.tar.gz +cd apache-fesod-${RELEASE_VERSION}-src + +``` + +#### 3.1 Incubator Specific Checks + +* [ ] **DISCLAIMER:** Ensure a `DISCLAIMER` (or `DISCLAIMER-WIP`) file exists in the root directory. This is mandatory for incubating projects. + +#### 3.2 ASF License Header Check (RAT) + +Run the Apache RAT (Release Audit Tool) check: + +```shell +# Run RAT check +./mvnw apache-rat:check +# Or if wrapper is not configured +mvn apache-rat:check + +``` + +**Check the report (`target/rat.txt`):** + +* **Unapproved Licenses:** Must be **0**. +* **Binaries:** Should be **0** (Source packages should not contain compiled jars/classes). + +#### 3.3 Compilation Verification + +Ensure the source code compiles successfully. 
+ +```shell +# This may take time depending on network to download dependencies +./mvnw clean install -DskipTests + +``` + +**Checklist:** + +* [ ] Build Success. +* [ ] No unexpected binary files in the source tree. + +#### 3.4 License and Notice + +Manually check the following files in the root directory: + +* [ ] **LICENSE:** Exists and contains the Apache License 2.0. +* [ ] **NOTICE:** +* Exists. +* Copyright year is current (e.g., includes 2025/2026). +* Contains required attributions for bundled dependencies (if any). + +### 4. Email Reply Templates + +After verification, reply to the vote thread on `dev@fesod.apache.org`. + +:::tip +As a **PPMC member**, your vote is **binding**. Please include `(binding)` in your reply. +::: + +**Template for PPMC Members:** + +```text ++1 (binding) + +[X] Download links are valid. +[X] Checksums and signatures. +[X] LICENSE/NOTICE files exist +[X] No unexpected binary files +[X] All source files have ASF headers +[X] Can compile from source + +My Environment: +- OS: MacOS / Linux +- JDK: +- Maven: + +``` + +**Template for Contributors (Non-PPMC):** + +```text ++1 (non-binding) + +I have checked: +... (Same as above) + +``` diff --git a/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md b/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md index b96eb0f51..89acc5a2d 100644 --- a/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md +++ b/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md 
@@ -3,4 +3,203 @@ id: 'verify-release' title: '如何验证版本' --- -如需查看详细检查清单,请访问官方的[检查清单](https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist)页面。 +详细检查列表请参考官方的 [Incubator Release Checklist](https://cwiki.apache.org/confluence/display/INCUBATOR/Incubator+Release+Checklist)。 + +### 1. 下载要发布的候选版本 + +> 验证环节需依赖 GPG 工具,建议预先安装 `gpg` 或 `gpg2`。 + +:::caution 注意 +请确保网络环境畅通,下载耗时取决于网络状况。 +::: + +首先,设置环境变量以便于后续命令执行(请替换为实际的版本号): + +```shell +# 例如:export RELEASE_VERSION=0.1.0 +# 例如:export RC_VERSION=rc1 +export RELEASE_VERSION={发布版本号} +export RC_VERSION={RC版本号} + +``` + +下载物料: + +```shell +# 方式一:如果本地有 SVN,直接 checkout (推荐,包含了 KEYS 文件) +svn co https://dist.apache.org/repos/dist/dev/incubator/fesod/${RELEASE_VERSION}-${RC_VERSION}/ fesod-dist-dev + +# 方式二:使用 wget 直接下载特定文件 +wget https://dist.apache.org/repos/dist/dev/incubator/fesod/${RELEASE_VERSION}-${RC_VERSION}/apache-fesod-${RELEASE_VERSION}-src.tar.gz + +``` + +### 2. 验证上传的版本是否合规 + +#### 2.1 检查发布包完整性 + +上传到 dist 的包必须包含: + +1. **源码包** (Source Package, 必须) +2. **签名文件** (.asc, 必须) +3. 
**哈希文件** (.sha512, 必须) + +#### 2.2 检查 GPG 签名 + +首先导入发布人的公钥。 + +**2.2.1 导入 KEYS** + +```shell +# 从 SVN 仓库下载 KEYS (通常在版本目录或根目录) +curl https://dist.apache.org/repos/dist/dev/incubator/fesod/KEYS > KEYS + +# 导入 KEYS 到本地 +gpg --import KEYS + +``` + +**2.2.2 信任公钥 (可选,但推荐)** + +```shell +# 查找本次发版人的 Key ID,并进行信任设置 +gpg --edit-key + +# 输入 trust,选择 5 (ultimate),确认 y,最后 quit + +``` + +**2.2.3 验证签名** + +```shell +# 验证源码包 +gpg --verify apache-fesod-${RELEASE_VERSION}-src.tar.gz.asc apache-fesod-${RELEASE_VERSION}-src.tar.gz +``` + +> **检查结果:** 必须出现 **`Good signature`** 字样。 + +#### 2.3 检查 SHA512 哈希 + +**Mac OS / Linux:** + +```shell +# 验证源码包 +shasum -a 512 --check apache-fesod-${RELEASE_VERSION}-src.tar.gz.sha512 + +# 或者手动对比 +shasum -a 512 apache-fesod-${RELEASE_VERSION}-src.tar.gz +# 查看 .sha512 文件内容进行肉眼比对 +cat apache-fesod-${RELEASE_VERSION}-src.tar.gz.sha512 + +``` + +**Windows:** + +```shell +certUtil -hashfile apache-fesod-${RELEASE_VERSION}-src.tar.gz SHA512 + +``` + +### 3. 检查源码包内容 (核心合规项) + +解压源码包: + +```shell +tar -xvf apache-fesod-${RELEASE_VERSION}-src.tar.gz +cd apache-fesod-${RELEASE_VERSION}-src + +``` + +#### 3.1 孵化器特有检查 (Incubator Check) + +作为孵化项目,必须检查根目录下是否存在 `DISCLAIMER` (或 `DISCLAIMER-WIP`) 文件。 + +* **检查项:** 确认存在 `DISCLAIMER` 文件,且内容声明了这是一个处于孵化阶段的项目。 + +#### 3.2 ASF License Header (RAT 检查) + +使用 Maven 插件进行 License 头检查。 + +```shell +# 运行 RAT 检查 +./mvnw apache-rat:check +# 或者如果未配置 wrapper +mvn apache-rat:check + +``` + +**检查结果分析:** +查看生成的报告文件(通常在 `target/rat.txt` 或控制台输出): + +* **Unapproved Licenses:** 必须为 0。 +* **Binaries:** 应当为 0 (源码包中不应包含编译后的二进制 jar/class 文件)。 + +```shell +# 快速查看异常文件 (Mac/Linux) +find . 
-name rat.txt -print0 | xargs -0 -I file cat file | grep "Unapproved Licenses" + +``` + +#### 3.3 源码编译验证 + +确保源码可以被正确编译打包。 + +```shell +# 首次编译可能需要下载依赖,耗时视网络而定 +./mvnw clean install -DskipTests + +``` + +**检查项:** + +* [ ] Build Success (编译成功) +* [ ] 源码包中**不包含**任何非必要的二进制文件 (如 `.jar`, `.zip`, `.class`)。 + +#### 3.4 许可证合规性检查 + +进入解压后的目录,人工检查: + +* [ ] **LICENSE 文件:** 存在且内容标准 (Apache License 2.0)。 +* [ ] **NOTICE 文件:** +* 存在。 +* 年份正确 (例如包含 2025/2026)。 +* 如果引入了其他必须在 NOTICE 中声明的依赖,需确认已包含。 + +* [ ] **DISCLAIMER 文件:** 存在(孵化项目必须)。 + +### 4. 邮件回复示例 + +验证完成后,请在开发者邮件列表 (`dev@fesod.apache.org`) 回复投票邮件。 + +:::tip 特别提示 +你是 **PPMC 成员**,你的投票是 **Binding (有约束力)** 的。请务必带上 `(binding)` 后缀。 +::: + +**回复模板 (PPMC 成员):** + +```text ++1 (binding) + +[X] Download links are valid. +[X] Checksums and signatures. +[X] LICENSE/NOTICE files exist +[X] No unexpected binary files +[X] All source files have ASF headers +[X] Can compile from source + +My Environment: +- OS: MacOS <版本号> / Linux +- JDK: +- Maven: + +``` + +**回复模板 (非 PPMC 成员/贡献者):** + +```text ++1 (non-binding) + +I have checked: +... (同上) + +``` From 464f835e4557d5e74938786df3b4d14f439fc376 Mon Sep 17 00:00:00 2001 From: Shuxin Pan Date: Tue, 13 Jan 2026 18:15:41 +0800 Subject: [PATCH 2/5] feature: enhance release verification documentation with detailed PGP signing and POM configuration steps --- website/community/release/release-version.md | 506 ++++++++++++++++- website/community/release/verify-release.md | 7 +- .../current/release/release-version.md | 511 +++++++++++++++++- .../current/release/verify-release.md | 8 +- 4 files changed, 1023 insertions(+), 9 deletions(-) diff --git a/website/community/release/release-version.md b/website/community/release/release-version.md index 615c91b3b..2b6d6684b 100644 --- a/website/community/release/release-version.md +++ b/website/community/release/release-version.md 
@@ -3,4 +3,508 @@ id: 'release-version' title: 'How to Release' --- -This tutorial describes in detail how to release Apache Fesod (Incubating), take the release of version 2.0.0 as an example. +# 1. Preface + +## 1.1 Apache Release Documentation + +Refer to the following links to understand the ASF release process: + +- [Apache Release Guide](http://www.apache.org/dev/release-publishing) +- [Apache Release Policy](http://www.apache.org/dev/release.html) +- [Maven Release Info](http://www.apache.org/dev/publishing-maven-artifacts.html) + +## 1.2 PGP Signing + +Follow the Apache Release Guide to sign the release version. Users can also use this signature to verify that the downloaded version has not been tampered with. + +Create a `pgp` key for release signing, using **\@apache.org** as the key USER-ID. + +For details, refer to [Apache Releases Signing documentation](https://infra.apache.org/release-signing) and [Cryptography with OpenPGP](http://www.apache.org/dev/openpgp.html). + +Brief process for generating a key: + +- Generate a new `gpg` key using `gpg --full-gen-key`, setting the key length to 4096. + + Note: You can set it to never expire, or set an expiration date based on your needs. However, if it expires, you must update the public key in the [DEV KEYS file](https://dist.apache.org/repos/dist/dev/incubator/fesod/KEYS) and [RELEASE KEYS file](https://dist.apache.org/repos/dist/release/incubator/fesod/KEYS). + +- Upload the key to the public key server using `gpg --keyserver keys.openpgp.org --send-key `. + +Note: If the server is inaccessible, you can upload the public key online via [OpenPGP Keyserver (ubuntu.com)](https://keyserver.ubuntu.com/). 
+ + ```bash + # Use this command to find the keyid, e.g.: gpg --list-signatures --keyid-format LONG + pub rsa4096/XXXXXXXX 2025-12-15 [SC] [Expires: 2027-12-15] + F2D3A28A392129B927C7FB42XXXXXXXX + uid [ Absolute ] xxxx + sig 3 XXXXXXXX 2025-12-15 [Self-signature] + sub rsa4096/XXXXX 2025-12-15 [E] [Expires: 2027-12-15] + sig XXXXXXXX 2025-12-15 [Self-signature] + +- Export the public key to a text file using `gpg --armor --output ./public-key.txt --export XXXXXXXX`. + +- Append the generated key to the [DEV KEYS file](https://dist.apache.org/repos/dist/dev/incubator/fesod/KEYS) and [RELEASE KEYS file](https://dist.apache.org/repos/dist/release/incubator/fesod/KEYS). + +**Note:** + +The DEV SVN repository can be updated by the Release Manager directly. The Release SVN repository requires PMC privileges, so you may need PMC assistance to upload the KEY. + +**Tips:** You need to set a default public key. If you have multiple public keys, please modify `~/.gnupg/gpg.conf`. + +Reference example: + +```text +gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc. +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. + +Please select what kind of key you want: + (1) RSA and RSA (default) + (2) DSA and Elgamal + (3) DSA (sign only) + (4) RSA (sign only) +Your selection? 1 +RSA keys may be between 1024 and 4096 bits long. +What keysize do you want? (2048) 4096 +Requested keysize is 4096 bits +Please specify how long the key should be valid. + 0 = key does not expire + = key expires in n days + w = key expires in n weeks + m = key expires in n months + y = key expires in n years +Key is valid for? (0) +Key does not expire at all +Is this correct? (y/N) y + +GnuPG needs to construct a user ID to identify your key. 
+ +Real name: (Set username) (Use Apache ID) +Email address: (Set email address) (Use Apache email) +Comment: (Fill in comments) +You selected this USER-ID: + "Username (Comment) " + +Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O +You need a Passphrase to protect your secret key. (Set password) + +``` + +Convert the generated public and private keys to ASCII format: + +```bash +gpg --armor --output ./public-key.txt --export XXXXXXXX +gpg --armor --output ./private-key.txt --export-secret-keys XXXXXXXX +``` + +View the key list: + +```bash +[root@localhost ~]# gpg --list-signatures --keyid-format LONG +[keyboxd] +--------- +pub rsa4096/XXXXXXXX 2025-12-15 [SC] [Expires: 2027-12-15] + D71C9B1CA898A2408D55EDCXXXXXXXX +uid [ Absolute ] xxxx +sig 3 XXXXXXXX 2025-12-15 [Self-signature] +sub rsa4096/XXXXX 2025-12-15 [E] [Expires: 2027-12-15] +sig XXXXXXXX 2025-12-15 [Self-signature] + +``` + +Upload the public key to the public key server: + +```bash +[root@localhost gpgtest]# gpg --keyserver keys.openpgp.org --send-key XXXXXXXX +gpg: sending key XXXXXXXX to hkp server keys.openpgp.org +``` + +## 1.3 POM Configuration + +Configure the POM file to deploy the version to the ASF Nexus repository. + +① Add Apache POM inheritance default settings: + +```xml + + org.apache + apache + 31 + +``` + +② Add key information to the Maven configuration file `settings.xml`: + +```xml + + + + signed_release + + forked-path + yourKeyName + https://dist.apache.org/repos/dist/dev/incubator/fesod/ + + + + + + apache.snapshots.https + yourApacheID + yourApachePassword + + + apache.releases.https + yourApacheID + yourApachePassword + + + gpg.passphrase + yourKeyPassword + + + +``` + +**Tips:** It is recommended to use [Maven's password encryption capabilities](http://maven.apache.org/guides/mini/guide-encryption.html) to encrypt `gpg.passphrase`. + +# 2. Release Process + +## 2.1 Prepare Branch + +Create a new release branch from the main branch. 
For example, if you want to release version `${release_version}`, create a new branch `${release_version}` from the development branch. All modifications involving Release Candidates and tagging for `${release_version}` will be done on this branch. Ensure that all GitHub Actions CI checks pass on this branch. Finally, merge it back into the main branch after the release is complete. + +Example: If the Java SDK needs to release version `2.2.0-incubating`, create a new branch `release-2.2.0-incubating` from the `main` branch, and submit a commit on this branch replacing the Snapshot version number with the `2.2.0-incubating` version number. + +## 2.2 Prepare Binary and Source Packages + +### 2.2.1 Prepare the SDK release according to [publishing maven artifacts](https://infra.apache.org/publishing-maven-artifacts.html) [4] instructions + +```bash +mvn clean deploy -Papache-release -DskipTests -Dgpg.skip=false +``` + +At this point, the Fesod SDK is published to the [Staging Repository](https://repository.apache.org/#stagingRepositories) (requires Apache account login). Find the released version (i.e., `${STAGING.RELEASE}`) and click **Close**. + +Note: If the close operation fails, it is likely because the public key corresponding to the signing key cannot be found on keys.openpgp.org. Please check via [OpenPGP Keyserver (ubuntu.com)](https://keyserver.ubuntu.com/). + +### 2.2.2 Package Source + +First, confirm that the current codebase is ready for release. + +```bash +# 1. Switch to the main branch and update +git checkout main +git pull + +# 2. Create a GPG signed Tag +# Note: Ensure the content in -m is accurate +git tag -s 2.0.0-incubating-rc1 -m "release: release for 2.0.0-incubating RC1" + +# 3. Push the Tag to the remote repository +git push git@github.com:apache/fesod.git 2.0.0-incubating-rc1 +``` + +Use `git archive` to ensure the source package is clean (excludes the .git directory or other ignored files). + +```bash +# 1. 
Export the source package +git archive --format=tar.gz \ + --prefix=apache-fesod-2.0.0-incubating-src/ \ + -o apache-fesod-2.0.0-incubating-src.tar.gz \ + e7546d1138d4d3a638df10193a4c29c50a7e55d8 +``` + +> **Note**: The hash `e7546d11...` here corresponds to the commit hash of tag `2.0.0-incubating-rc1`. + +### 2.2.3 Sign and Hash + +Perform GPG signing and SHA512 calculation on the generated source package. + +```bash +# 1. GPG Signature (.asc) +for i in *.tar.gz; do + echo "Signing $i"; + gpg --armor --output $i.asc --detach-sig $i ; +done + +# 2. Generate SHA512 Checksum (.sha512) +for i in *.tar.gz; do + echo "Hashing $i"; + sha512sum $i > $i.sha512 ; +done + +# 3. Verify (Optional) +gpg --verify apache-fesod-2.0.0-incubating-src.tar.gz.asc apache-fesod-2.0.0-incubating-src.tar.gz +sha512sum -c apache-fesod-2.0.0-incubating-src.tar.gz.sha512 +``` + +### 2.2.4 Upload Source Package to SVN (Upload to Dist) + +Upload the signed source package to the Apache development distribution area (`dist/dev`). + +```bash +# 1. Checkout SVN dev repository +svn co https://dist.apache.org/repos/dist/dev/incubator/fesod/ +cd fesod-dev + +# 2. Create version directory +mkdir 2.0.0-incubating-rc1 +cd 2.0.0-incubating-rc1 + +# 3. Copy files (assuming files are in the parent directory) +cp ../../apache-fesod-2.0.0-incubating-src.tar.gz . +cp ../../apache-fesod-2.0.0-incubating-src.tar.gz.asc . +cp ../../apache-fesod-2.0.0-incubating-src.tar.gz.sha512 . + +# 4. Commit to SVN +cd .. +svn add 2.0.0-incubating-rc1 +svn commit -m "Add 2.0.0-incubating-rc1 source release" +``` + +--- + +# 3. Voting Phase + +## 3.1 Internal Community Vote + +**The vote lasts for at least 72 hours and requires 3 +1 binding votes.** + +Send to: + +```mail +dev@fesod.apache.org + +``` + +Subject: + +`[VOTE]Release Apache Fesod (Incubating) x.x.x-RCN (RoundN)` + +RC N and Round N: N represents the count, i.e., which round of voting for this version. 
+ +Body: + +```text +Hi Fesod Community, + +This is a call for vote to release Apache Fesod(incubating) 2.0.0-incubating. + +The release candidates: +https://dist.apache.org/repos/dist/dev/incubator/fesod/2.0.0-incubating-rc1 + +The staging repo: +https://repository.apache.org/content/repositories/orgapachefesod-1016 + +Git tag for the release: +https://github.com/apache/fesod/releases/tag/2.0.0-incubating-rc1 + +Hash for the release tag: +e7546d1138d4d3a638df10193a4c29c50a7e55d8 + +Release Notes: +https://github.com/apache/fesod/releases/tag/2.0.0-incubating-rc1 + +The artifacts have been signed with Key [ 72D5936C ], corresponding +to +[ psxjoy@apache.org ] +which can be found in the keys file: +https://downloads.apache.org/incubator/fesod/KEYS + +Build Environment: JDK 8+, Apache Maven 3.6.0+. +./mvnw clean package -DskipTests + + +The vote will be open for at least 72 hours. + +Please vote accordingly: + +[ ] +1 approve +[ ] +0 no opinion +[ ] -1 disapprove with the reason + +Checklist for reference: + +[ ] Download links are valid. +[ ] Checksums and signatures. +[ ] LICENSE/NOTICE files exist +[ ] No unexpected binary files +[ ] All source files have ASF headers +[ ] Can compile from source + +To learn more about Apache Fesod , please see https://fesod.apache.org/ +``` + +### 3.1.2 Complete Vote + +Publish the vote pass email. + +```text +Hi Community, + + +The vote to release Apache Fesod (Incubating) vx.x.x-RCN has passed +with 3 +1 binding votes, and no +0 or -1 votes. + +3 (+1 binding) + +- XXX + +- XXX + +- XXX + +no further 0 or -1 votes. + + +The vote thread: +Link to the corresponding voting email thread, e.g.: +https://lists.apache.org/thread/rwco6lms9qo10whjj8gg1dr8j7drl2gf + +Thank you for reviewing and voting for our release candidate. + +We will soon launch the second stage of voting. 
+``` + +## 3.2 Vote in Incubator + +### 3.2.1 Vote in Incubator + +Similar to the community vote, but requires adding the community vote thread link to prove that consensus has been reached within the community. + +Send email to `general@incubator.apache.org` + +Subject: + +`[VOTE]Release Apache Fesod (Incubating) x.x.x-RCN` + +**The vote lasts for at least 72 hours and requires 3 +1 binding votes.** + +```text +Hello everyone, + +This is a call for vote to release Apache Fesod(incubating) vx.x.x + +The Apache Fesod community has voted and approved the release of Apache +Fesod(incubating) vx.x.x. We now kindly request the IPMC members +review and vote for this release. + + +The vote thread: +Link to the voting thread in the community, e.g.: +https://lists.apache.org/thread/r6hsbb9tmsqmn9s7q9qptv3z287lkcbf + +Vote Result: +Link to the vote result thread in the community, e.g.: +https://lists.apache.org/thread/r6hsbb9tmsqmn9s7q9qptv3z287lkcbf + +The release candidates: +https://dist.apache.org/repos/dist/dev/incubator/fesod/x.x.x/ + +The staging repo: +https://repository.apache.org/content/repositories/$ + +Git tag for the release: +https://github.com/apache/fesod/releases/tag/vx.x.x + +Hash for the release tag: +The commit ID of the last commit on the tag branch + +Release Notes: +https://github.com/apache/fesod/releases/tag/vx.x.x + +The artifacts have been signed with Key [ key-id ], corresponding +to +[ Email e.g. xxxx@apache.org ] +which can be found in the keys file: +https://downloads.apache.org/incubator/fesod/KEYS + +Build Environment: JDK 8+, Apache Maven 3.6.0+. +/mvnw clean package -DskipTests=true + +The vote will be open for at least 72 hours. + +Please vote accordingly: + +[ ] +1 approve +[ ] +0 no opinion +[ ] -1 disapprove with the reason + +Checklist for reference: + +[ ] Download links are valid. +[ ] Checksums and signatures. 
+[ ] LICENSE/NOTICE files exist +[ ] No unexpected binary files +[ ] All source files have ASF headers +[ ] Can compile from source + +To learn more about Apache Fesod , please see https://fesod.apache.org/ +``` + +### 3.2.2 Announce Incubator Vote Result + +After 72 hours, if there are at least 3 passing votes and no opposing votes, send the result email referencing the following template. + +Send email to `general@incubator.apache.org` + +Subject: `[RESULT][VOTE] Release Apache Fesod (incubating) x.x.x-RCN` + +```text +Hi Incubator PMC, + +The vote to release Apache Fesod(incubating) X.X.X-RCN has passed with +3 +1 binding and 1 +1 non-binding votes, no +0 or -1 votes. + +Binding votes: + +- XXX +- XXX +- XXX + +Non-Binding votes: + +- XXX + +Vote thread: +https://lists.apache.org/thread/o7vwdvtolclcv1y4j4ozshj923ppwlnl + +Thanks for reviewing and voting for our release candidate. We will +proceed with publishing the approved artifacts and sending out the +announcement soon. +``` + +# 4. Finalize Release + +## 4.1 Release Version + +1. From the Apache Nexus repository, select the previously closed **orgapachefesod-XXX** and click the `Release` icon. +2. Move the signature files, src, and bin from the dev path to the release path, referring to the following command: + `svn mv https://dist.apache.org/repos/dist/dev/incubator/fesod/x.x.x-RCN https://dist.apache.org/repos/dist/release/incubator/fesod/x.x.x -m "Release Fesod X.X.X"` +3. Set the previous release note to "Set as the latest release" and submit. +4. Update the x.x.x documentation on the Fesod official website, and add the corresponding download links for binary and source. + +## 4.2 Announcement + +Send email to `general@incubator.apache.org` + +Subject: `[ANNOUNCE] Apache Fesod(Incubating) vx.x.x available` + +```text +Hi All, + +The Apache Fesod(Incubating) vx.x.x has been released! + +Apache Fesod is an easy-to-use, high-performance, open source distributed transaction solution. 
+ +Download Links: [https://fesod.apache.org/download/fesod/ + +Release Notes: +https://github.com/apache/fesod/releases/tag/vx.x.x/ + +Website: https://fesod.apache.org/ + +Resources: +- Issue: https://github.com/apache/fesod/issues +- Mailing list: dev@fesod.apache.org +``` diff --git a/website/community/release/verify-release.md b/website/community/release/verify-release.md index 316864278..13713919a 100644 --- a/website/community/release/verify-release.md +++ b/website/community/release/verify-release.md @@ -149,9 +149,10 @@ Manually check the following files in the root directory: * [ ] **LICENSE:** Exists and contains the Apache License 2.0. * [ ] **NOTICE:** -* Exists. -* Copyright year is current (e.g., includes 2025/2026). -* Contains required attributions for bundled dependencies (if any). +* * Exists. +* * Copyright year is current (e.g., includes 2025/2026). +* * Contains required attributions for bundled dependencies (if any). +* [ ] **DISCLAIMER:** Exists. ### 4. Email Reply Templates diff --git a/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/release-version.md b/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/release-version.md index 7d188176d..d212175b6 100644 --- a/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/release-version.md +++ b/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/release-version.md 
@@ -3,4 +3,513 @@ id: 'release-version' title: '如何发布版本' --- -本教程详细描述了如何发布 Apache Fesod (Incubating) 版本,以2.0.0版本的发布为例进行说明。 +# 1. 前言 + +## 1.1 Apache 版本发布文档 + +参考以下链接,了解 ASF 版本发布流程: + +- [Apache Release Guide](http://www.apache.org/dev/release-publishing) +- [Apache Release Policy](http://www.apache.org/dev/release.html) +- [Maven Release Info](http://www.apache.org/dev/publishing-maven-artifacts.html) + +## 1.2 PGP 签名 + +遵循 Apache 版本发布指南,对发布版本签名,用户也可据此判断下载的版本是否被篡改。 + +创建 `pgp` 密钥用于版本签名,使用 **\@apache.org** 作为密钥 USER-ID + +详情可参考 [Apache Releases Signing documentation](https://infra.apache.org/release-signing),[Cryptography with OpenPGP](http://www.apache.org/dev/openpgp.html) + +生成密钥的简要流程: + +- 通过`gpg --full-gen-key` 生成一个新的 `gpg` 密钥, 设置密钥长度为 4096 + + 注:可设置永不过期,也可根据自己需求设置一定的过期时间,但需要在过期后更新的公钥到[DEV KEYS file](https://dist.apache.org/repos/dist/dev/incubator/fesod/KEYS) 和 [RELEASE KEYS file](https://dist.apache.org/repos/dist/release/incubator/fesod/KEYS) + +- 通过 `gpg --keyserver keys.openpgp.org --send-key ` 上传密钥到公钥服务器 + + 注:如若访问不通,可通过[OpenPGP Keyserver (ubuntu.com)](https://keyserver.ubuntu.com/) 在线上传公钥 + + ```bash + 使用该命令可查到keyid如:gpg --list-signatures --keyid-format LONG + pub rsa4096/XXXXXXXX 2025-12-15 [SC] [有效至:2027-12-15] + F2D3A28A392129B927C7FB42XXXXXXXX + uid [ 绝对 ] xxxx + sig 3 XXXXXXXX 2025-12-15 [自签名] + sub rsa4096/XXXXX 2025-12-15 [E] [有效至:2027-12-15] + sig XXXXXXXX 2025-12-15 [自签名] + ``` + +- 通过 `gpg --armor --output ./public-key.txt --export XXXXXXXX` 导出公钥到文本文件 + +- 将生成的密钥追加到[DEV KEYS file](https://dist.apache.org/repos/dist/dev/incubator/fesod/KEYS) 和 [RELEASE KEYS file](https://dist.apache.org/repos/dist/release/incubator/fesod/KEYS) + +注意: + +DEV SVN 仓库可以由 Release Manager 自行添加,Release SVN 仓库需要 PMC 权限,可以由 PMC 协助将 KEY 进行上传。 + +**Tips:** 需要设置默认公钥, 若有多个公钥,请修改 `~/.gnupg/gpg.conf` + +参考示例: + +```text +gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc. +This is free software: you are free to change and redistribute it. 
+There is NO WARRANTY, to the extent permitted by law. + +Please select what kind of key you want: + (1) RSA and RSA (default) + (2) DSA and Elgamal + (3) DSA (sign only) + (4) RSA (sign only) +Your selection? 1 +RSA keys may be between 1024 and 4096 bits long. +What keysize do you want? (2048) 4096 +Requested keysize is 4096 bits +Please specify how long the key should be valid. + 0 = key does not expire + = key expires in n days + w = key expires in n weeks + m = key expires in n months + y = key expires in n years +Key is valid for? (0) +Key does not expire at all +Is this correct? (y/N) y + +GnuPG needs to construct a user ID to identify your key. + +Real name: (设置用户名)(使用apache id) +Email address: (设置邮件地址)(使用apache邮箱) +Comment: (填写注释) +You selected this USER-ID: + "用户名 (注释) <邮件地址>" + +Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O +You need a Passphrase to protect your secret key. (设置密码) +``` + +将生成的公钥和私钥转化为 ASCII 形式: + +```bash +gpg --armor --output ./public-key.txt --export XXXXXXXX +gpg --armor --output ./private-key.txt --export-secret-keys XXXXXXXX +``` + +查看密钥列表: + +```text +[root@localhost ~]# gpg --list-signatures --keyid-format LONG +[keyboxd] +--------- +pub rsa4096/XXXXXXXX 2025-12-15 [SC] [有效至:2027-12-15] + D71C9B1CA898A2408D55EDCXXXXXXXX +uid [ 绝对 ] xxxx +sig 3 XXXXXXXX 2025-12-15 [自签名] +sub rsa4096/XXXXX 2025-12-15 [E] [有效至:2027-12-15] +sig XXXXXXXX 2025-12-15 [自签名] +``` + +上传公钥到公钥服务器 + +```bash +[root@localhost gpgtest]# gpg --keyserver keys.openpgp.org --send-key XXXXXXXX +gpg: sending key XXXXXXXX to hkp server keys.openpgp.org +``` + +## 1.3 POM 配置 + +配置 POM 文件,以便将版本部署到 ASF Nexus 仓库。 + +① 添加 Apache POM 继承默认设置 + +```xml + + org.apache + apache + 31 + +``` + +② Maven 配置文件 `settings.xml` 中添加密钥信息 + +```xml + + + + signed_release + + forked-path + yourKeyName + https://dist.apache.org/repos/dist/dev/incubator/fesod/ + + + + + + + apache.snapshots.https + yourApacheID + + yourApachePassword + + + + apache.releases.https + yourApacheID + 
yourApachePassword + + + gpg.passphrase + yourKeyPassword + + + +``` + +**Tips:** 推荐使用 [Maven's password encryption capabilities](http://maven.apache.org/guides/mini/guide-encryption.html) 加密 `gpg.passphrase` + +# 2.发布流程 + +## 2.1 准备分支 + +从主干分支拉取新分支作为发布分支,如现在要发布 `${release_version}` 版本,则从开发分支拉出新分支 `${release_version}`,此后`${release_version}` Release Candidates 涉及的修改及打标签等都在`${release_version}`分支进行,并保证该分支的github actions ci全部通过,最终发布完成后合入主干分支。 + +例:如 Java SDK 需要发布 `2.2.0-incubating` 版本,从 `main` 分支拉出新分支 `release-2.2.0-incubating`,并在此分支提交从 Snapshot版本号 替换为 `2.2.0-incubating` 版本号的 commit。 + +### 2.2 预发布二进制包和源码 + +### 2.2.1 SDK根据 [publishing maven artifacts](https://infra.apache.org/publishing-maven-artifacts.html) [4] 的说明准备发布 + +```bash +mvn clean deploy -Papache-release -DskipTests -Dgpg.skip=false +``` + +此时,fesod sdk被发布到 [预发仓库](https://repository.apache.org/#stagingRepositories) (需要apache账号密码登录),找到发布的版本,即 `${STAGING.RELEASE}`, 并点击 Close。 + +注:如果close失败很可能是因为签名的秘钥对应的公钥在keys.openpgp.org中无法获取到,请自行通过[OpenPGP Keyserver (ubuntu.com)](https://keyserver.ubuntu.com/) 检查 + +### 2.2.2 打包源代码 (Package Source) + +首先,确认当前代码库处于准备发布的状态。 + +```bash +# 1. 切换到主分支并更新 +git checkout main +git pull + +# 2. 创建 GPG 签名的 Tag +# 注意:请确保 -m 中的内容准确 +git tag -s 2.0.0-incubating-rc1 -m "release: release for 2.0.0-incubating RC1" + +# 3. 推送 Tag 到远程仓库 +git push git@github.com:apache/fesod.git 2.0.0-incubating-rc1 +``` + +使用 `git archive` 确保源码包的纯净(不包含 .git 目录或其他忽略文件)。 + +```bash +# 1. 导出源码包 +git archive --format=tar.gz \ + --prefix=apache-fesod-2.0.0-incubating-src/ \ + -o apache-fesod-2.0.0-incubating-src.tar.gz \ + e7546d1138d4d3a638df10193a4c29c50a7e55d8 +``` + +> **注意**:这里的 hash `e7546d11...` 对应 tag `2.0.0-incubating-rc1` 的 commit hash。 + +### 2.2.3 签名与校验 (Sign and Hash) + +对生成的源码包进行 GPG 签名和 SHA512 计算。 + +```bash +# 1. GPG 签名 (.asc) +for i in *.tar.gz; do + echo "Signing $i"; + gpg --armor --output $i.asc --detach-sig $i ; +done + +# 2. 
生成 SHA512 校验和 (.sha512) +for i in *.tar.gz; do + echo "Hashing $i"; + sha512sum $i > $i.sha512 ; +done + +# 3. 验证 (可选) +gpg --verify apache-fesod-2.0.0-incubating-src.tar.gz.asc apache-fesod-2.0.0-incubating-src.tar.gz +sha512sum -c apache-fesod-2.0.0-incubating-src.tar.gz.sha512 +``` + +### 2.2.4 上传源码包至 SVN (Upload to Dist) + +将签好名的源码包上传到 Apache 开发分发区 (`dist/dev`)。 + +```bash +# 1. 检出 SVN dev 仓库 +svn co https://dist.apache.org/repos/dist/dev/incubator/fesod/ fesod-dev +cd fesod-dev + +# 2. 创建版本目录 +mkdir 2.0.0-incubating-rc1 +cd 2.0.0-incubating-rc1 + +# 3. 复制文件 (假设文件在上一级目录) +cp ../../apache-fesod-2.0.0-incubating-src.tar.gz . +cp ../../apache-fesod-2.0.0-incubating-src.tar.gz.asc . +cp ../../apache-fesod-2.0.0-incubating-src.tar.gz.sha512 . + +# 4. 提交到 SVN +cd .. +svn add 2.0.0-incubating-rc1 +svn commit -m "Add 2.0.0-incubating-rc1 source release" +``` + +--- + +# 3.投票阶段 + +## 3.1 社区内部投票 + +**投票持续至少 72 小时并获得 3 个+1 binding票** + +发送至: + +```mail +dev@fesod.apache.org +``` + +标题: + +`[VOTE]Release Apache Fesod (Incubating) x.x.x-RCN (RoundN)` + +RC N和Round N的N代表次数,该版本的第几次投票 + +正文: + +```text +Hi Fesod Community, + +This is a call for vote to release Apache Fesod(incubating) 2.0.0-incubating. + +The release candidates: +https://dist.apache.org/repos/dist/dev/incubator/fesod/2.0.0-incubating-rc1 + +The staging repo: +https://repository.apache.org/content/repositories/orgapachefesod-1016 + +Git tag for the release: +https://github.com/apache/fesod/releases/tag/2.0.0-incubating-rc1 + +Hash for the release tag: +e7546d1138d4d3a638df10193a4c29c50a7e55d8 + +Release Notes: +https://github.com/apache/fesod/releases/tag/2.0.0-incubating-rc1 + +The artifacts have been signed with Key [ 72D5936C ], corresponding +to +[ psxjoy@apache.org ] +which can be found in the keys file: +https://downloads.apache.org/incubator/fesod/KEYS + +Build Environment: JDK 8+, Apache Maven 3.6.0+. +./mvnw clean package -DskipTests + + +The vote will be open for at least 72 hours. 
+ +Please vote accordingly: + +[ ] +1 approve +[ ] +0 no opinion +[ ] -1 disapprove with the reason + +Checklist for reference: + +[ ] Download links are valid. +[ ] Checksums and signatures. +[ ] LICENSE/NOTICE files exist +[ ] No unexpected binary files +[ ] All source files have ASF headers +[ ] Can compile from source + +To learn more about Apache Fesod , please see https://fesod.apache.org/ +``` + +### 3.1.2 完成投票 + +发布投票通过邮件 + +```text +Hi Community, + + +The vote to release Apache Fesod (Incubating) vx.x.x-RCN has passed +with 3 +1 binding votes, and no +0 or -1 votes. + +3 (+1 binding) + +- XXX + +- XXX + +- XXX + +no further 0 or -1 votes. + + +The vote thread: +所对应投票邮件的thread链接,如: +https://lists.apache.org/thread/rwco6lms9qo10whjj8gg1dr8j7drl2gf + +Thank you for reviewing and voting for our release candidate. + +We will soon launch the second stage of voting. +``` + +## 3.2 孵化器投票 + +### 3.2.1 孵化器中投票 + +与社区投票类似,但是需要增加社区投票相关的thread链接,以证明已在社区内达成一致 + +发送邮件至 `general@incubator.apache.org` + +标题: + +`[VOTE]Release Apache Fesod (Incubating) x.x.x-RCN` + +**投票持续至少 72 小时并获得 3 个+1 binding票** + +```text +Hello everyone, + +This is a call for vote to release Apache Fesod(incubating) vx.x.x + +The Apache Fesod community has voted and approved the release of Apache +Fesod(incubating) vx.x.x. We now kindly request the IPMC members +review and vote for this release. 
+ + +The vote thread: +社区中投票的thread链接, 如: +https://lists.apache.org/thread/r6hsbb9tmsqmn9s7q9qptv3z287lkcbf + +Vote Result: +社区中投票通过的result thread链接,如: +https://lists.apache.org/thread/r6hsbb9tmsqmn9s7q9qptv3z287lkcbf + +The release candidates: +https://dist.apache.org/repos/dist/dev/incubator/fesod/x.x.x/ + +The staging repo: +https://repository.apache.org/content/repositories/${STAGING.RELEASE}/ + +Git tag for the release: +https://github.com/apache/fesod/releases/tag/vx.x.x + +Hash for the release tag: +tag分支最后一条commit的id + +Release Notes: +https://github.com/apache/fesod/releases/tag/vx.x.x + +The artifacts have been signed with Key [ key-id ], corresponding +to +[ 邮箱如xxxx@apache.org ] +which can be found in the keys file: +https://downloads.apache.org/incubator/fesod/KEYS + +Build Environment: JDK 8+, Apache Maven 3.6.0+. +/mvnw clean package -DskipTests=true + +The vote will be open for at least 72 hours. + +Please vote accordingly: + +[ ] +1 approve +[ ] +0 no opinion +[ ] -1 disapprove with the reason + +Checklist for reference: + +[ ] Download links are valid. +[ ] Checksums and signatures. +[ ] LICENSE/NOTICE files exist +[ ] No unexpected binary files +[ ] All source files have ASF headers +[ ] Can compile from source + +To learn more about Apache Fesod , please see https://fesod.apache.org/ +``` + +### 3.2.2 公示孵化器投票结果 + +72 小时后,若至少有 3 票通过而没有反对票,则参考如下邮件进行发送结果 + +发送邮件至 `general@incubator.apache.org` + +标题:`[RESULT][VOTE] Release Apache Fesod (incubating) x.x.x-RCN` + +```text +Hi Incubator PMC, + +The vote to release Apache Fesod(incubating) X.X.X-RCN has passed with +3 +1 binding and 1 +1 non-binding votes, no +0 or -1 votes. + +Binding votes: + +- XXX +- XXX +- XXX + +Non-Binding votes: + +- XXX + +Vote thread: +https://lists.apache.org/thread/o7vwdvtolclcv1y4j4ozshj923ppwlnl + +Thanks for reviewing and voting for our release candidate. We will +proceed with publishing the approved artifacts and sending out the +announcement soon. 
+``` + +# 4.完成发布 + +## 4.1 release 版本 + +1. 从Apache Nexus 仓库, 选择之前进行close过的的 **orgapachefesod-XXX** 点击 `Release` 图标发布 + +2. 将dev下的签名文件、src、bin移动到release路径下,参考如下命令: + + `svn mv https://dist.apache.org/repos/dist/dev/incubator/fesod/x.x.x-RCN https://dist.apache.org/repos/dist/release/incubator/fesod/x.x.x -m "Release Fesod X.X.X"` + +3. 将之前release note设置为Set as the latest release并提交 + +4. 将x.x.x的文档更新至fesod官网中,并补充对应binary和source的下载链接 + +## 4.2 版本公示 + +发送邮件至 `general@incubator.apache.org` + +标题 `[ANNOUNCE] Apache Fesod(Incubating) vx.x.x available` + +```text +Hi All, + +The Apache Fesod(Incubating) vx.x.x has been released! + +Apache Fesod is an easy-to-use, high-performance, open source distributed transaction solution. + +Download Links: https://fesod.apache.org/download/fesod/ + +Release Notes: +https://github.com/apache/fesod/releases/tag/vx.x.x/ + +Website: https://fesod.apache.org/ + +Resources: +- Issue: https://github.com/apache/fesod/issues +- Mailing list: dev@fesod.apache.org +``` diff --git a/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md b/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md index 89acc5a2d..3cc66c764 100644 --- a/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md +++ b/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md @@ -161,11 +161,11 @@ find . -name rat.txt -print0 | xargs -0 -I file cat file | grep "Unapproved Lice * [ ] **LICENSE 文件:** 存在且内容标准 (Apache License 2.0)。 * [ ] **NOTICE 文件:** -* 存在。 -* 年份正确 (例如包含 2025/2026)。 -* 如果引入了其他必须在 NOTICE 中声明的依赖,需确认已包含。 +* * 存在 +* * 年份正确 (例如包含 2025/2026)。 +* * 如果引入了其他必须在 NOTICE 中声明的依赖,需确认已包含。= -* [ ] **DISCLAIMER 文件:** 存在(孵化项目必须)。 +* [ ] **DISCLAIMER 文件:** 存在(孵化项目必须存在)。 ### 4. 邮件回复示例 From 54fb63eb8e19d066217a209488b3c1c4ca5b385f Mon Sep 17 00:00:00 2001 
From: Shuxin Pan Date: Tue, 13 Jan 2026 18:17:58 +0800 Subject: [PATCH 3/5] feature: enhance release verification documentation with detailed PGP signing and POM configuration steps --- .../current/release/verify-release.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md b/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md index 3cc66c764..226fca865 100644 --- a/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md +++ b/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/verify-release.md @@ -163,7 +163,7 @@ find . -name rat.txt -print0 | xargs -0 -I file cat file | grep "Unapproved Lice * [ ] **NOTICE 文件:** * * 存在 * * 年份正确 (例如包含 2025/2026)。 -* * 如果引入了其他必须在 NOTICE 中声明的依赖,需确认已包含。= +* * 如果引入了其他必须在 NOTICE 中声明的依赖,需确认已包含。 * [ ] **DISCLAIMER 文件:** 存在(孵化项目必须存在)。 From aab03b6232b1d182f02486a2a484f565a3d7c04f Mon Sep 17 00:00:00 2001 From: Shuxin Pan Date: Mon, 19 Jan 2026 11:03:03 +0800 Subject: [PATCH 4/5] feature: update release verification documentation with warnings about local directory usage and compliance issues --- website/community/release/release-version.md | 9 +++++++++ .../current/release/release-version.md | 10 ++++++++++ 2 files changed, 19 insertions(+) diff --git a/website/community/release/release-version.md b/website/community/release/release-version.md index 2b6d6684b..25d992214 100644 --- a/website/community/release/release-version.md +++ b/website/community/release/release-version.md 
@@ -188,6 +188,15 @@ At this point, the Fesod SDK is published to the [Staging Repository](https://re Note: If the close operation fails, it is likely because the public key corresponding to the signing key cannot be found on keys.openpgp.org. Please check via [OpenPGP Keyserver (ubuntu.com)](https://keyserver.ubuntu.com/). ### 2.2.2 Package Source +:::caution Note +Do NOT run the release process in your daily working directory! +::: + +> Local files such as `node_modules`, IDE configurations (e.g., `.idea`, `.vscode`), or leftover empty directories from refactoring can accidentally be packaged into the `source-release.zip`. This will cause compliance issues (e.g., distributing unauthorized binaries) and lead to vote failures. + +You **MUST** perform the release process in a **fresh git clone** to ensure the artifacts are reproducible and clean. + +**Note**: Do not open this directory with an IDE (like IntelliJ or VS Code) immediately, as it may generate configuration files or compilation caches. Run the Maven release commands directly from the terminal first. First, confirm that the current codebase is ready for release. diff --git a/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/release-version.md b/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/release-version.md index d212175b6..7374c05c9 100644 --- a/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/release-version.md +++ b/website/i18n/zh-cn/docusaurus-plugin-content-docs-community/current/release/release-version.md 
@@ -191,6 +191,16 @@ mvn clean deploy -Papache-release -DskipTests -Dgpg.skip=false ### 2.2.2 打包源代码 (Package Source) +:::caution 注意 +请勿在日常工作目录中运行发布流程! +::: + +> 诸如 `node_modules`、IDE 配置文件(例如 `.idea`、`.vscode`)或重构后残留的空目录等本地文件,可能意外被打包到 `source-release.zip` 中。这将导致合规性问题(例如分发未经授权的二进制文件),并引发投票失败。 + +您**必须**在**全新克隆的Git仓库**中执行发布流程,以确保构建产物可复现且干净。 + +**注意**:请勿立即用IDE(如IntelliJ或VS Code)打开此目录,否则可能生成配置文件或编译缓存。请先在终端直接运行Maven发布命令。 + 首先,确认当前代码库处于准备发布的状态。 ```bash From 370fa3ad6b415e6c422617f85bc6cfade0c8fd67 Mon Sep 17 00:00:00 2001 From: Shuxin Pan Date: Mon, 19 Jan 2026 11:13:52 +0800 Subject: [PATCH 5/5] feature: update release verification documentation with warnings about local directory usage and compliance issues --- website/community/release/release-version.md | 1 + 1 file changed, 1 insertion(+) diff --git a/website/community/release/release-version.md b/website/community/release/release-version.md index 25d992214..3a5d33c4d 100644 --- a/website/community/release/release-version.md +++ b/website/community/release/release-version.md @@ -188,6 +188,7 @@ At this point, the Fesod SDK is published to the [Staging Repository](https://re Note: If the close operation fails, it is likely because the public key corresponding to the signing key cannot be found on keys.openpgp.org. Please check via [OpenPGP Keyserver (ubuntu.com)](https://keyserver.ubuntu.com/). ### 2.2.2 Package Source + :::caution Note Do NOT run the release process in your daily working directory! :::
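Review bot: In section 1.3 the `settings.xml` block stores `yourApachePassword` twice and `yourKeyPassword` in plaintext, yet the Tips line only recommends Maven password encryption for `gpg.passphrase`; extend the recommendation to the two server passwords (the linked guide covers them as well) and say that `settings.xml` must never be committed. In section 1.2, `gpg --armor --output ./private-key.txt --export-secret-keys XXXXXXXX` sits right next to the public-key export with no guidance; add one sentence that `private-key.txt` is an offline backup only, and that only `public-key.txt` goes into the KEYS file and to `--send-key`. Also use the same heading levels throughout the file: `## 2.1` is followed by `### 2.2` with `### 2.2.1` beneath it, and `### 3.1.2` has no 3.1.1.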
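Review bot: Section 2.1 states that all release-candidate work, including tagging, happens on the `release-2.2.0-incubating` branch, but the 2.2.2 snippet runs `git checkout main` and `git pull` before `git tag -s 2.0.0-incubating-rc1 ...`, so the signed tag would land on `main` without the version-bump commit; check out the release branch there instead. In the same section `git archive` takes the hard-coded hash `e7546d1138d4d3a638df10193a4c29c50a7e55d8`; passing the tag name (`git archive ... 2.0.0-incubating-rc1`) keeps the archive, the tag and the "Hash for the release tag" line of the vote mail from drifting apart, and `git rev-parse 2.0.0-incubating-rc1^{commit}` yields the hash to paste into the mail. The `mvn clean deploy -Papache-release -DskipTests -Dgpg.skip=false` line in 2.2.1 stages artifacts that this command never tested; point back to the 2.1 requirement that CI on the release branch is green so the skip reads as deliberate. Minor: quote `"$i"` in the signing and hashing loops of 2.2.3.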
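Review bot: The community vote template in 3.1 hard-codes a real signer (`Key [ 72D5936C ]`, `psxjoy@apache.org`) and a real staging repo (`orgapachefesod-1016`) while the incubator template in 3.2.1 uses placeholders; use placeholders in both so the next release manager does not mail someone else's key id. Both templates identify the key by an 8-hex-digit short id, which the document's own `gpg --list-signatures --keyid-format LONG` listing in 1.2 avoids; quote the full fingerprint shown there instead. The incubator template also has `/mvnw clean package -DskipTests=true` (missing `./`, compare `./mvnw clean package -DskipTests` in 3.1), and its "release candidates" URL `.../fesod/x.x.x/` and tag `vx.x.x` do not match the `x.x.x-RCN` dev directory and the un-prefixed `2.0.0-incubating-rc1` tag used in 2.2.2 and 2.2.4. In 3.1 the "Release Notes" link is identical to the "Git tag for the release" link; either drop one or point Release Notes at the notes page.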
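Review bot: The `[ANNOUNCE]` template in 4.2 describes the project as "an easy-to-use, high-performance, open source distributed transaction solution", which is not a description of Fesod; replace it with the project's own one-liner before the template is used. Step 2 of 4.1 says to move "签名文件、src、bin" to the release path, but 2.2.4 only uploads the source tarball, its `.asc` and its `.sha512` (no bin), so drop "bin" or document the binary artifact. In the zh-cn verify-release.md hunk, changing `* 存在。` to `* * 存在` makes each line a list item that contains a nested bullet; a two-space-indented `  * 存在` sub-list is what the checklist needs, and the stray `=` appended to the third item is only removed in PATCH 3/5, so squash that fix into this commit.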
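Review bot: The PATCH 3/5 subject "enhance release verification documentation with detailed PGP signing and POM configuration steps" describes nothing in the patch, whose single hunk removes a stray `=` from the zh-cn NOTICE checklist; squash it into PATCH 1/5 or give it a subject matching the one-character fix.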
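Review bot: The new caution in PATCH 4/5 warns that `node_modules`, `.idea` or empty directories "can accidentally be packaged into the `source-release.zip`", but the artifact this document builds and uploads in 2.2.2 and 2.2.4 is `apache-fesod-<version>-src.tar.gz` produced by `git archive` from a commit, which only includes files tracked at that commit, so untracked local files cannot enter it; the `source-release.zip` is what the `apache-release` profile's source assembly packs from the working directory during `mvn clean deploy -Papache-release` in 2.2.1. Name the artifact that is actually at risk and attach (or cross-reference) the note to 2.2.1, keeping the artifact name consistent with 2.2.2. The English hunk also places `:::caution Note` directly under the `### 2.2.2 Package Source` heading; the blank line that PATCH 5/5 adds belongs in this commit, and since PATCH 5/5 carries the same subject as PATCH 4/5, squash the two.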