You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Elliotte Rusty Harold (Jira)" <ji...@apache.org> on 2019/12/18 13:22:00 UTC

[jira] [Resolved] (MGPG-43) Allow signing of arbitrary artifacts

     [ https://issues.apache.org/jira/browse/MGPG-43?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Elliotte Rusty Harold resolved MGPG-43.
---------------------------------------
    Resolution: Won't Fix

Since there's no activity here and this issue is scheduled for autoclosure anyway, I'm going to make an opinionated call that this is out of scope for the GPG plugin. Signing arbitrary files should be done with gpg itself, not a Maven plugin.

If anyone wants to pick it up again, feel free to reopen.

> Allow signing of arbitrary artifacts
> ------------------------------------
>
>                 Key: MGPG-43
>                 URL: https://issues.apache.org/jira/browse/MGPG-43
>             Project: Maven GPG Plugin
>          Issue Type: New Feature
>            Reporter: Sebb
>            Priority: Major
>         Attachments: MGPG-43.patch, MGPG43-2.patch, MGPG43-3.patch, MGPG43.patch
>
>
> At present, the plugin relies on being run after the "package" phase, presumably so it knows which files to sign.
> This is fine if all the artifacts are intended for distribution via Maven repos, but there are other distribution mechanisms where signed artifacts are needed. For example, ASF releases to their mirror system.
> It would be useful if there was a separate goal for signing files using standard includes/excludes.
> Ideally this would also be integrated with the assembly plugin somehow so it could obtain the list of files from the plugin.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)