commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Libbrecht <>
Subject Re: [general] MANIFEST files...
Date Mon, 17 May 2004 18:40:37 GMT

What you are telling, it seems, is that there is a key practice at 
Apaache, amazing!

Signing jars is automated in many tools, including Maven (simply using 
Ant's signjar, see your .maven/plugins/maven-jnlp-plugin/plugin.jelly, 
having run the jnlp target once, for an example.

Tomcat jars are a good example of something we'd like to have signed 
because many people merge it with others (our tomcat.jar contains soooo 
many other stuffs!).

But be careful with the dozens, you only want to sign what you are 
producing and expect the things you depend on to be signed by their 
makers! That shouldn't make dozens, I think. Maybe half a dozen ?


On 17-May-04, at 17:28 Uhr, Shapira, Yoav wrote:

> Signing individual jars is an interesting proposition.  It needs to be
> automated, as for a release like tomcat's we're talking about dozens of
> jars.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message