You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Christoph Läubrich (Jira)" <ji...@apache.org> on 2022/10/09 04:52:00 UTC
[jira] [Created] (MNG-7560) Provide a standard way to access the PGP signature for an artifact
Christoph Läubrich created MNG-7560:
---------------------------------------
Summary: Provide a standard way to access the PGP signature for an artifact
Key: MNG-7560
URL: https://issues.apache.org/jira/browse/MNG-7560
Project: Maven
Issue Type: Improvement
Reporter: Christoph Läubrich
I recently needed to access the PGP signature of an artifact but found two problems:
# It was surprisingly hard to get hold of it, I ended up in creating another artifact request for a special type so maven downloads it
# I instantly was presented with a warning like described here: https://github.com/s4u/pgpverify-maven-plugin/issues/53
It would be good if maven would contain a method (e.g. in the ArtifactSystem or somwhere else) that allows to get the signature of an artifact, or some option when downloading an artifact that says what additional checksum (sha512 for example) or signatures (asc for example) should be made available alongside in the local repository.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)