You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@uima.apache.org by Marshall Schor <ms...@schor.com> on 2018/10/18 13:05:38 UTC
deploying to repository.apache.org: gpg signatures on .sha512
checksums required?
Hi,
Following more requests to update our builds to generate .sha512 checksums, we
changed our "parent-pom" to do this, but now find we can't upload artifacts to
repository.apache.org unless we also change our builds to do gpg-signatures for
the .sha512 checksums (which seems overreaching).
I found INFRA-14923 looking to fix this; it has been open for over a year, but
there seems to be some recent activity.
In order to do releases, should we change our build (for now) to add gpg
signatures to the .sha512 checksums, or will INFRA-14923 be fixed shortly?
-Marshall Schor
Re: deploying to repository.apache.org: gpg signatures on .sha512
checksums required?
Posted by Brian Fox <br...@infinity.nu>.
I have a patch to the plugin that I need to get some time to test. I'm the
bottle neck unfortunately. Is the rule blocking only because of the missing
signature or is it balking at the hashes too?
On Thu, Oct 18, 2018 at 9:05 AM Marshall Schor <ms...@schor.com> wrote:
> Hi,
>
> Following more requests to update our builds to generate .sha512
> checksums, we
> changed our "parent-pom" to do this, but now find we can't upload
> artifacts to
> repository.apache.org unless we also change our builds to do
> gpg-signatures for
> the .sha512 checksums (which seems overreaching).
>
> I found INFRA-14923 looking to fix this; it has been open for over a year,
> but
> there seems to be some recent activity.
>
> In order to do releases, should we change our build (for now) to add gpg
> signatures to the .sha512 checksums, or will INFRA-14923 be fixed shortly?
>
> -Marshall Schor
>
>