You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Robert Scholte (Jira)" <ji...@apache.org> on 2019/12/03 19:01:00 UTC

[jira] [Created] (MGPG-74) Signing based on InputStream

Robert Scholte created MGPG-74:
----------------------------------

             Summary: Signing based on InputStream
                 Key: MGPG-74
                 URL: https://issues.apache.org/jira/browse/MGPG-74
             Project: Maven GPG Plugin
          Issue Type: New Feature
            Reporter: Robert Scholte


The current implementation uses the gpg executable with a set of arguments to sign files. Maven is working on a build/consumer process, where the local pom.xml is not exactly the same as the distributed pom.xml.
With [FileTransformer|https://maven.apache.org/resolver/apidocs/org/eclipse/aether/transform/FileTransformer.html] any file can be transformed its result should be the signed.
Based on https://www.openpgp.org/software/developer/ BouncyCastle (MIT Licensed) seems to be preferred option for Java.
There should be a second implementation of AbstractGpgSigner using this library. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)