You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@maven.apache.org by David Jencks <da...@yahoo.com> on 2009/11/28 23:53:48 UTC

Does maven provide any support for re-signing artifacts with longer keys?

Apache has recently requested that all apache releases be signed with  
4096 bit keys and SHA512, see http://www.apache.org/dev/openpgp.html

I've released some artifacts using maven signed with an older 1024 bit  
key and most likely SHA1.

Is there any maven support for re-signing these older artifacts with a  
new longer key?  If not, does anyone have any advice for a non-maven  
way to do it?

thanks
david jencks