You are viewing a plain text version of this content. The canonical link for it is here.

Posted to repository@apache.org by Henk Penning <he...@apache.org> on 2009/04/03 20:19:18 UTC

[gsingers] your MAVEN repo artifacts

Hi Grant Ingersoll,

  I keep an eye on the apache Maven repo, and I noticed that :

  -- you own 14 unsigned artifacts

  For more info on problems, please see

    http://people.apache.org/~henkp/repo/

  Info on how to fix this, can be found in the FAQ :

    http://people.apache.org/~henkp/repo/faq.html

  Thanks a lot,

  Regards,

  Henk Penning -- apache.org infrastructure

----------------------------------------------------------------   _
Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ _
Dept of Computer Science, Utrecht University  T +31 30 253 4106 / _/ 
Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 _/ _/
http://www.cs.uu.nl/staff/henkp.html          M penning@cs.uu.nl  _/

RE: [gsingers] your MAVEN repo artifacts

Posted by "Brian E. Fox" <br...@reply.infinity.nu>.

>grant--
>do you have a release profile that runs the gpg plugin?

That's right, your project needs to add that to its own release profile.
I suppose we could bump that up to the apache parent pom, but that would
then force every project to get gpg installed so it runs during their
build. I know of at least one person who intentionally signs their stuff
separately to keep their key completely offline. Forcing the signature
on that person's project probably isn't a great thing to do, rather
checking after the fact like happens now is better.

Re: [gsingers] your MAVEN repo artifacts

Posted by "Henk P. Penning" <he...@cs.uu.nl>.

On Sat, 4 Apr 2009, David Jencks wrote:

> Date: Sat, 4 Apr 2009 09:23:46 -0700
> From: David Jencks <da...@yahoo.com>
> To: repository@apache.org
> Subject: Re: [gsingers] your MAVEN repo artifacts

> henk -- for the faq
>
> Q: How do I provide PGP signatures ?
>
> A. Use a release profile that includes the gpg plugin.  The one used for 
> maven components is discussed here:
> http://maven.apache.org/developers/release/releasing.html
> and the one for geronimo here:
> http://cwiki.apache.org/GMOxPMGT/geronimo-server-release-process.html
> There are plenty of other examples at apache.
>
> david jencks

David,

   thanks a lot for providing this answer for the faq.

   Regards,

   HPP

----------------------------------------------------------------   _
Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 253 2804 \_/ \_/
http://people.cs.uu.nl/henkp/                 M penning@cs.uu.nl  \_/

Re: [gsingers] your MAVEN repo artifacts

Posted by David Jencks <da...@yahoo.com>.

On Apr 4, 2009, at 5:54 AM, Grant Ingersoll wrote:

> Hmm, so much for Maven doing this automatically when I generate  
> artifacts...  I'll fix them.

grant--
do you have a release profile that runs the gpg plugin?


henk -- for the faq

Q: How do I provide PGP signatures ?

A. Use a release profile that includes the gpg plugin.  The one used  
for maven components is discussed here:
http://maven.apache.org/developers/release/releasing.html
and the one for geronimo here:
http://cwiki.apache.org/GMOxPMGT/geronimo-server-release-process.html
There are plenty of other examples at apache.

david jencks

>
>
> On Apr 3, 2009, at 2:19 PM, Henk Penning wrote:
>
>> Hi Grant Ingersoll,
>>
>> I keep an eye on the apache Maven repo, and I noticed that :
>>
>> -- you own 14 unsigned artifacts
>>
>> For more info on problems, please see
>>
>>   http://people.apache.org/~henkp/repo/
>>
>> Info on how to fix this, can be found in the FAQ :
>>
>>   http://people.apache.org/~henkp/repo/faq.html
>>
>> Thanks a lot,
>>
>> Regards,
>>
>> Henk Penning -- apache.org infrastructure
>>
>> ----------------------------------------------------------------   _
>> Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ _
>> Dept of Computer Science, Utrecht University  T +31 30 253 4106 / _/
>> Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 _/ _/
>> http://www.cs.uu.nl/staff/henkp.html          M penning@cs.uu.nl  _/
>
> --------------------------
> Grant Ingersoll
> http://www.lucidimagination.com/
>
> Search the Lucene ecosystem (Lucene/Solr/Nutch/Mahout/Tika/Droids)  
> using Solr/Lucene:
> http://www.lucidimagination.com/search
>

Re: [gsingers] your MAVEN repo artifacts

Posted by Grant Ingersoll <gs...@apache.org>.

Hmm, so much for Maven doing this automatically when I generate  
artifacts...  I'll fix them.

On Apr 3, 2009, at 2:19 PM, Henk Penning wrote:

> Hi Grant Ingersoll,
>
>  I keep an eye on the apache Maven repo, and I noticed that :
>
>  -- you own 14 unsigned artifacts
>
>  For more info on problems, please see
>
>    http://people.apache.org/~henkp/repo/
>
>  Info on how to fix this, can be found in the FAQ :
>
>    http://people.apache.org/~henkp/repo/faq.html
>
>  Thanks a lot,
>
>  Regards,
>
>  Henk Penning -- apache.org infrastructure
>
> ----------------------------------------------------------------   _
> Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ _
> Dept of Computer Science, Utrecht University  T +31 30 253 4106 / _/
> Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 _/ _/
> http://www.cs.uu.nl/staff/henkp.html          M penning@cs.uu.nl  _/

--------------------------
Grant Ingersoll
http://www.lucidimagination.com/

Search the Lucene ecosystem (Lucene/Solr/Nutch/Mahout/Tika/Droids)  
using Solr/Lucene:
http://www.lucidimagination.com/search