You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Dawid Weiss (Jira)" <ji...@apache.org> on 2021/05/26 09:35:00 UTC
[jira] [Commented] (LUCENE-9975) Don't require artifact signing for
local maven artifact publishing
[ https://issues.apache.org/jira/browse/LUCENE-9975?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17351667#comment-17351667 ]
Dawid Weiss commented on LUCENE-9975:
-------------------------------------
I'm a bit confused. The build currently says we don't sign snapshots:
{code}
signing {
required { !version.endsWith("SNAPSHOT") }
sign publishing.publications.jars
}
{code}
but apache nexus clearly has signatures for pinned shapshot versions:
https://repository.apache.org/content/repositories/snapshots/org/apache/lucene/lucene-core/9.0.0-SNAPSHOT/
[~uschindler] - what's the version number override the jenkins build does before it publishes to apache nexus?
I think this issue could be elegantly solved by creating two different publications: jars and unsignedJars, then the "local" maven publishing tasks wouldn't be signed, that's it. And nexus publications would have to be signed.
> Don't require artifact signing for local maven artifact publishing
> ------------------------------------------------------------------
>
> Key: LUCENE-9975
> URL: https://issues.apache.org/jira/browse/LUCENE-9975
> Project: Lucene - Core
> Issue Type: Improvement
> Reporter: Dawid Weiss
> Assignee: Dawid Weiss
> Priority: Minor
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org