You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2023/04/27 17:50:00 UTC

[jira] [Commented] (MGPG-97) add pgpverify check to the build

    [ https://issues.apache.org/jira/browse/MGPG-97?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17717319#comment-17717319 ] 

ASF GitHub Bot commented on MGPG-97:
------------------------------------

slawekjaranowski commented on code in PR #48:
URL: https://github.com/apache/maven-gpg-plugin/pull/48#discussion_r1179503624


##########
pom.xml:
##########
@@ -194,6 +194,14 @@ under the License.
           <artifactId>maven-invoker-plugin</artifactId>
           <version>3.5.1</version>
         </plugin>
+        <plugin>
+          <groupId>org.simplify4u.plugins</groupId>
+          <artifactId>pgpverify-maven-plugin</artifactId>
+          <version>1.11.0</version>

Review Comment:
   There is 1.17.0





> add pgpverify check to the build
> --------------------------------
>
>                 Key: MGPG-97
>                 URL: https://issues.apache.org/jira/browse/MGPG-97
>             Project: Maven GPG Plugin
>          Issue Type: Improvement
>    Affects Versions: 3.0.1
>            Reporter: Herve Boutemy
>            Assignee: Herve Boutemy
>            Priority: Major
>             Fix For: 3.1.0
>
>
> signing is useful only if signature checks are done
> let's apply this best practice to maven-gpg-plugin itself



--
This message was sent by Atlassian Jira
(v8.20.10#820010)