You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@systemds.apache.org by ja...@apache.org on 2021/07/01 07:10:25 UTC
[systemds] branch master updated: [MINOR] maven-gpg-plugin update
to version 3.0.1 (#1285)
This is an automated email from the ASF dual-hosted git repository.
janardhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/systemds.git
The following commit(s) were added to refs/heads/master by this push:
new bfbc8fd [MINOR] maven-gpg-plugin update to version 3.0.1 (#1285)
bfbc8fd is described below
commit bfbc8fd9b9a022dd284e90a13e3c8050d6a4fe1b
Author: Janardhan Pulivarthi <j1...@protonmail.com>
AuthorDate: Thu Jul 1 12:38:32 2021 +0530
[MINOR] maven-gpg-plugin update to version 3.0.1 (#1285)
gpg plugin does not sign the artifacts but simply provides .asc file.
- More about the plugin:
https://maven.apache.org/plugins/maven-gpg-plugin/plugin-info.html
---
Commentary:
Signing artifacts with SHA-256 or higher using maven resolver, which is
part of maven core, but not with maven-gpg-plugin. If you are unable
to sign the artifacts then upgrade to latest maven version.
```sh
mvn -P'distribution' deploy -Daether.checksums.algorithms=SHA-256
```
- The signing with SHA512 functionality has been added in 2016 by
https://issues.apache.org/jira/browse/MPOM-118
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index d06735c..56f0a8c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -689,7 +689,7 @@
<plugin>
<artifactId>maven-gpg-plugin</artifactId>
- <version>1.6</version>
+ <version>3.0.1</version>
<executions>
<execution>
<phase>verify</phase>