You are viewing a plain text version of this content. The canonical link for it is here.
Posted to repository@apache.org by Henk Penning <he...@apache.org> on 2009/04/03 20:19:18 UTC
[gsingers] your MAVEN repo artifacts
Hi Grant Ingersoll,
I keep an eye on the apache Maven repo, and I noticed that :
-- you own 14 unsigned artifacts
For more info on problems, please see
http://people.apache.org/~henkp/repo/
Info on how to fix this, can be found in the FAQ :
http://people.apache.org/~henkp/repo/faq.html
Thanks a lot,
Regards,
Henk Penning -- apache.org infrastructure
---------------------------------------------------------------- _
Henk P. Penning, Computer Systems Group R Uithof CGN-A232 _/ _
Dept of Computer Science, Utrecht University T +31 30 253 4106 / _/
Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 _/ _/
http://www.cs.uu.nl/staff/henkp.html M penning@cs.uu.nl _/
RE: [gsingers] your MAVEN repo artifacts
Posted by "Brian E. Fox" <br...@reply.infinity.nu>.
>grant--
>do you have a release profile that runs the gpg plugin?
That's right, your project needs to add that to its own release profile.
I suppose we could bump that up to the apache parent pom, but that would
then force every project to get gpg installed so it runs during their
build. I know of at least one person who intentionally signs their stuff
separately to keep their key completely offline. Forcing the signature
on that person's project probably isn't a great thing to do, rather
checking after the fact like happens now is better.
Re: [gsingers] your MAVEN repo artifacts
Posted by "Henk P. Penning" <he...@cs.uu.nl>.
On Sat, 4 Apr 2009, David Jencks wrote:
> Date: Sat, 4 Apr 2009 09:23:46 -0700
> From: David Jencks <da...@yahoo.com>
> To: repository@apache.org
> Subject: Re: [gsingers] your MAVEN repo artifacts
> henk -- for the faq
>
> Q: How do I provide PGP signatures ?
>
> A. Use a release profile that includes the gpg plugin. The one used for
> maven components is discussed here:
> http://maven.apache.org/developers/release/releasing.html
> and the one for geronimo here:
> http://cwiki.apache.org/GMOxPMGT/geronimo-server-release-process.html
> There are plenty of other examples at apache.
>
> david jencks
David,
thanks a lot for providing this answer for the faq.
Regards,
HPP
---------------------------------------------------------------- _
Henk P. Penning, Computer Systems Group R Uithof CGN-A232 _/ \_
Dept of Computer Science, Utrecht University T +31 30 253 4106 / \_/ \
Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 253 2804 \_/ \_/
http://people.cs.uu.nl/henkp/ M penning@cs.uu.nl \_/
Re: [gsingers] your MAVEN repo artifacts
Posted by David Jencks <da...@yahoo.com>.
On Apr 4, 2009, at 5:54 AM, Grant Ingersoll wrote:
> Hmm, so much for Maven doing this automatically when I generate
> artifacts... I'll fix them.
grant--
do you have a release profile that runs the gpg plugin?
henk -- for the faq
Q: How do I provide PGP signatures ?
A. Use a release profile that includes the gpg plugin. The one used
for maven components is discussed here:
http://maven.apache.org/developers/release/releasing.html
and the one for geronimo here:
http://cwiki.apache.org/GMOxPMGT/geronimo-server-release-process.html
There are plenty of other examples at apache.
david jencks
>
>
> On Apr 3, 2009, at 2:19 PM, Henk Penning wrote:
>
>> Hi Grant Ingersoll,
>>
>> I keep an eye on the apache Maven repo, and I noticed that :
>>
>> -- you own 14 unsigned artifacts
>>
>> For more info on problems, please see
>>
>> http://people.apache.org/~henkp/repo/
>>
>> Info on how to fix this, can be found in the FAQ :
>>
>> http://people.apache.org/~henkp/repo/faq.html
>>
>> Thanks a lot,
>>
>> Regards,
>>
>> Henk Penning -- apache.org infrastructure
>>
>> ---------------------------------------------------------------- _
>> Henk P. Penning, Computer Systems Group R Uithof CGN-A232 _/ _
>> Dept of Computer Science, Utrecht University T +31 30 253 4106 / _/
>> Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 _/ _/
>> http://www.cs.uu.nl/staff/henkp.html M penning@cs.uu.nl _/
>
> --------------------------
> Grant Ingersoll
> http://www.lucidimagination.com/
>
> Search the Lucene ecosystem (Lucene/Solr/Nutch/Mahout/Tika/Droids)
> using Solr/Lucene:
> http://www.lucidimagination.com/search
>
Re: [gsingers] your MAVEN repo artifacts
Posted by Grant Ingersoll <gs...@apache.org>.
Hmm, so much for Maven doing this automatically when I generate
artifacts... I'll fix them.
On Apr 3, 2009, at 2:19 PM, Henk Penning wrote:
> Hi Grant Ingersoll,
>
> I keep an eye on the apache Maven repo, and I noticed that :
>
> -- you own 14 unsigned artifacts
>
> For more info on problems, please see
>
> http://people.apache.org/~henkp/repo/
>
> Info on how to fix this, can be found in the FAQ :
>
> http://people.apache.org/~henkp/repo/faq.html
>
> Thanks a lot,
>
> Regards,
>
> Henk Penning -- apache.org infrastructure
>
> ---------------------------------------------------------------- _
> Henk P. Penning, Computer Systems Group R Uithof CGN-A232 _/ _
> Dept of Computer Science, Utrecht University T +31 30 253 4106 / _/
> Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 _/ _/
> http://www.cs.uu.nl/staff/henkp.html M penning@cs.uu.nl _/
--------------------------
Grant Ingersoll
http://www.lucidimagination.com/
Search the Lucene ecosystem (Lucene/Solr/Nutch/Mahout/Tika/Droids)
using Solr/Lucene:
http://www.lucidimagination.com/search