You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2023/04/27 17:50:00 UTC
[jira] [Commented] (MGPG-97) add pgpverify check to the build
[ https://issues.apache.org/jira/browse/MGPG-97?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17717319#comment-17717319 ]
ASF GitHub Bot commented on MGPG-97:
------------------------------------
slawekjaranowski commented on code in PR #48:
URL: https://github.com/apache/maven-gpg-plugin/pull/48#discussion_r1179503624
##########
pom.xml:
##########
@@ -194,6 +194,14 @@ under the License.
<artifactId>maven-invoker-plugin</artifactId>
<version>3.5.1</version>
</plugin>
+ <plugin>
+ <groupId>org.simplify4u.plugins</groupId>
+ <artifactId>pgpverify-maven-plugin</artifactId>
+ <version>1.11.0</version>
Review Comment:
There is 1.17.0
> add pgpverify check to the build
> --------------------------------
>
> Key: MGPG-97
> URL: https://issues.apache.org/jira/browse/MGPG-97
> Project: Maven GPG Plugin
> Issue Type: Improvement
> Affects Versions: 3.0.1
> Reporter: Herve Boutemy
> Assignee: Herve Boutemy
> Priority: Major
> Fix For: 3.1.0
>
>
> signing is useful only if signature checks are done
> let's apply this best practice to maven-gpg-plugin itself
--
This message was sent by Atlassian Jira
(v8.20.10#820010)