You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Christoph Läubrich (Jira)" <ji...@apache.org> on 2022/10/09 04:52:00 UTC

[jira] [Created] (MNG-7560) Provide a standard way to access the PGP signature for an artifact

Christoph Läubrich created MNG-7560:
---------------------------------------

             Summary: Provide a standard way to access the PGP signature for an artifact
                 Key: MNG-7560
                 URL: https://issues.apache.org/jira/browse/MNG-7560
             Project: Maven
          Issue Type: Improvement
            Reporter: Christoph Läubrich


I recently needed to access the PGP signature of an artifact but found two problems:

# It was surprisingly hard to get hold of it, I ended up in creating another artifact request for a special type so maven downloads it
# I instantly was presented with a warning like described here: https://github.com/s4u/pgpverify-maven-plugin/issues/53

It would be good if maven would contain a method (e.g. in the ArtifactSystem or somwhere else) that allows to get the signature of an artifact, or some option when downloading an artifact that says what additional checksum  (sha512 for example) or signatures (asc for example) should be made available alongside in the local repository.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)