You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@maven.apache.org by jv...@apache.org on 2010/02/24 00:33:12 UTC

svn commit: r915589 - /maven/site/trunk/src/site/apt/guides/mini/guide-central-repository-upload.apt

Author: jvanzyl
Date: Tue Feb 23 23:33:12 2010
New Revision: 915589

URL: http://svn.apache.org/viewvc?rev=915589&view=rev
Log:
o update the documentation about uploading to central to specify the requirement of PGP signatures for all artifacts
Submitted by: Juven Xu

Modified:
    maven/site/trunk/src/site/apt/guides/mini/guide-central-repository-upload.apt

Modified: maven/site/trunk/src/site/apt/guides/mini/guide-central-repository-upload.apt
URL: http://svn.apache.org/viewvc/maven/site/trunk/src/site/apt/guides/mini/guide-central-repository-upload.apt?rev=915589&r1=915588&r2=915589&view=diff
==============================================================================
--- maven/site/trunk/src/site/apt/guides/mini/guide-central-repository-upload.apt (original)
+++ maven/site/trunk/src/site/apt/guides/mini/guide-central-repository-upload.apt Tue Feb 23 23:33:12 2010
@@ -123,6 +123,11 @@
 
 +----+
 
+* PGP Signature
+
+ When people download artifacts from Central Maven repository, they might want to validate that these artifacts have valid PGP signatures that can be verified against a public key server. If there is no signatures, then users have no guarantee that they are downloading the original artifact.
+
+ To improve the quality of the Central Maven repository, we require you to provide PGP signatures for all your artifacts (all files except checksums), and distribute your public key to a key server like hkp://pgp.mit.edu . If you are not familiar with PGP, please read this blog: {{{http://www.sonatype.com/people/2010/01/how-to-generate-pgp-signatures-with-maven/}How to Generate PGP Signatures with Maven}}.
 
 * FAQ and common mistakes