You are viewing a plain text version of this content. The canonical link for it is here.

Posted to pluto-dev@portals.apache.org by Elliot Metsger <em...@jhu.edu> on 2007/03/30 18:06:36 UTC

Using the gpg plugin and Maven 2.0.5

All,

Based on this warning from the GPG maven plugin page [0]:

> Issue with invalid signatures on the pom files
> 
> Maven 2.0.5 fixes a problem where the pom files would end up changing
> between signing them and deploying them. If the signatures on the pom
> files are invalid, make sure you upgrade to Maven 2.0.5.

It appears those performing releases of Pluto should be using Maven 2.0.5.

It appears that if you use the GPG plugin with Maven 2.0.4, there is a 
chance that artifacts deployed to the repository will have invalid 
signatures.

Elliot

[0]: 
http://maven.apache.org/plugins/maven-gpg-plugin/examples/deploy-signed-artifacts.html

Re: Using the gpg plugin and Maven 2.0.5

Posted by Jason Dillon <ja...@planet57.com>.

There are other issues with 2.0.4, so its highly recommended that you  
use 2.0.5... and really probably 2.0.6 once that comes out next week.

--jason


On Mar 30, 2007, at 9:06 AM, Elliot Metsger wrote:

> All,
>
> Based on this warning from the GPG maven plugin page [0]:
>
>> Issue with invalid signatures on the pom files
>> Maven 2.0.5 fixes a problem where the pom files would end up changing
>> between signing them and deploying them. If the signatures on the pom
>> files are invalid, make sure you upgrade to Maven 2.0.5.
>
> It appears those performing releases of Pluto should be using Maven  
> 2.0.5.
>
> It appears that if you use the GPG plugin with Maven 2.0.4, there  
> is a chance that artifacts deployed to the repository will have  
> invalid signatures.
>
> Elliot
>
> [0]: http://maven.apache.org/plugins/maven-gpg-plugin/examples/ 
> deploy-signed-artifacts.html