You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@uima.apache.org by "Richard Eckart de Castilho (Jira)" <de...@uima.apache.org> on 2023/01/23 13:43:00 UTC
[jira] [Updated] (UIMA-6444) Automatically sign Eclipse plugins during release builds
[ https://issues.apache.org/jira/browse/UIMA-6444?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Eckart de Castilho updated UIMA-6444:
---------------------------------------------
Fix Version/s: 3.4.1SDK
(was: 3.4.0SDK)
> Automatically sign Eclipse plugins during release builds
> --------------------------------------------------------
>
> Key: UIMA-6444
> URL: https://issues.apache.org/jira/browse/UIMA-6444
> Project: UIMA
> Issue Type: Improvement
> Reporter: Richard Eckart de Castilho
> Assignee: Richard Eckart de Castilho
> Priority: Major
> Fix For: 3.4.1SDK
>
>
> *Note:* we do have detached PGP signatures for the Eclipse update site artifacts - it is mandatory according to the ASF release policy - but they are currently not included in such a way that Eclipse can verify them and offer the user to trust them during the plugin installation process.
> ----
> Currently, we do not sign the Eclipse plugins because it is extra effort and the old way of using the Symantec Service are gone anyway.
> There is a new jarsigning approach which could be used.
> Alternatively, it is meanwhile possible to embed PGP signatures in P2 repositories.
> Let's see which of these options are viable for us.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)