You are viewing a plain text version of this content. The canonical link for it is here.
Posted to repository@apache.org by Glen Daniels <gl...@thoughtcraft.com> on 2009/05/28 14:17:09 UTC
Re: [gdaniels] your MAVEN repo artifacts
Hi Henk:
Henk Penning wrote:
> I keep an eye on the apache Maven repo, and I noticed that :
>
> -- you own 2 unsigned artifacts
> -- your public PGP key BB9D70A1 can't be found
I've 1) added a ~/.pgpkey, 2) added my key to www.apache.org/dist/axis2/KEYS.
There is a KEYS file in
people.apache.org/repo/m2-ibiblio-rsync-repository/org/apache/KEYS, but it
only has one key in it... where is the appropriate KEYS file in Maven?
As for the unsigned artifacts, the report from the tool didn't actually show
any details on the 2 from me, so it looks like either there's a glitch
identifying unsigned artifacts or reporting on them.
Thanks,
--Glen
Re: [gdaniels] your MAVEN repo artifacts
Posted by "Henk P. Penning" <he...@cs.uu.nl>.
On Thu, 28 May 2009, Glen Daniels wrote:
> Date: Thu, 28 May 2009 08:17:09 -0400
> From: Glen Daniels <gl...@thoughtcraft.com>
> To: Henk Penning <he...@apache.org>
> Cc: Henk Penning <he...@cs.uu.nl>, repository@apache.org
> Subject: Re: [gdaniels] your MAVEN repo artifacts
>
> Hi Henk:
>
> Henk Penning wrote:
>> I keep an eye on the apache Maven repo, and I noticed that :
>>
>> -- you own 2 unsigned artifacts
>> -- your public PGP key BB9D70A1 can't be found
>
> I've 1) added a ~/.pgpkey, 2) added my key to www.apache.org/dist/axis2/KEYS.
>
> There is a KEYS file in
> people.apache.org/repo/m2-ibiblio-rsync-repository/org/apache/KEYS, but it
> only has one key in it... where is the appropriate KEYS file in Maven?
Glen,
thanks for looking into this.
You are right, there are hardly any KEYS files in the Maven repo.
That is why the checker also looks for KEYS files in
people.apache.org in /www/www.apache.org/dist/
File '/www/www.apache.org/dist/ws/axis2/KEYS' seems appropriate ...
> As for the unsigned artifacts, the report from the tool didn't actually show
> any details on the 2 from me, so it looks like either there's a glitch
> identifying unsigned artifacts or reporting on them.
At people.apache.org, looking in the maven repo dir
/www/people.apache.org/repo/m2-ibiblio-rsync-repository/org/apache
the checker sees 2 unsigned artifacts owned by you :
axis2/axis2/1.5/axis2-1.5.jar
axis2/axis2/1.5/axis2-1.5.pom
> --Glen
Regards,
Henk Penning
---------------------------------------------------------------- _
Henk P. Penning, Computer Systems Group R Uithof CGN-A232 _/ \_
Dept of Computer Science, Utrecht University T +31 30 253 4106 / \_/ \
Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 253 2804 \_/ \_/
http://people.cs.uu.nl/henkp/ M penning@cs.uu.nl \_/
Re: [gdaniels] your MAVEN repo artifacts
Posted by Glen Daniels <gl...@thoughtcraft.com>.
Glen Daniels wrote:
> As for the unsigned artifacts, the report from the tool didn't actually show
> any details on the 2 from me, so it looks like either there's a glitch
> identifying unsigned artifacts or reporting on them.
Woops, my bad! Please ignore this bit. I didn't notice them b/c they were
nestled in the long string of public key not found warnings. Got 'em now.
Many thanks for the great tool.
--Glen