You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Robert Scholte (Jira)" <ji...@apache.org> on 2019/12/03 19:01:00 UTC
[jira] [Created] (MGPG-74) Signing based on InputStream
Robert Scholte created MGPG-74:
----------------------------------
Summary: Signing based on InputStream
Key: MGPG-74
URL: https://issues.apache.org/jira/browse/MGPG-74
Project: Maven GPG Plugin
Issue Type: New Feature
Reporter: Robert Scholte
The current implementation uses the gpg executable with a set of arguments to sign files. Maven is working on a build/consumer process, where the local pom.xml is not exactly the same as the distributed pom.xml.
With [FileTransformer|https://maven.apache.org/resolver/apidocs/org/eclipse/aether/transform/FileTransformer.html] any file can be transformed its result should be the signed.
Based on https://www.openpgp.org/software/developer/ BouncyCastle (MIT Licensed) seems to be preferred option for Java.
There should be a second implementation of AbstractGpgSigner using this library.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)