You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@uima.apache.org by "Richard Eckart de Castilho (Jira)" <de...@uima.apache.org> on 2023/01/23 13:43:00 UTC

[jira] [Updated] (UIMA-6444) Automatically sign Eclipse plugins during release builds

     [ https://issues.apache.org/jira/browse/UIMA-6444?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Eckart de Castilho updated UIMA-6444:
---------------------------------------------
    Fix Version/s: 3.4.1SDK
                       (was: 3.4.0SDK)

> Automatically sign Eclipse plugins during release builds
> --------------------------------------------------------
>
>                 Key: UIMA-6444
>                 URL: https://issues.apache.org/jira/browse/UIMA-6444
>             Project: UIMA
>          Issue Type: Improvement
>            Reporter: Richard Eckart de Castilho
>            Assignee: Richard Eckart de Castilho
>            Priority: Major
>             Fix For: 3.4.1SDK
>
>
> *Note:* we do have detached PGP signatures for the Eclipse update site artifacts - it is mandatory according to the ASF release policy - but they are currently not included in such a way that Eclipse can verify them and offer the user to trust them during the plugin installation process.
> ----
> Currently, we do not sign the Eclipse plugins because it is extra effort and the old way of using the Symantec Service are gone anyway.
> There is a new jarsigning approach which could be used.
> Alternatively, it is meanwhile possible to embed PGP signatures in P2 repositories.
> Let's see which of these options are viable for us.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)