commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robert burrell donkin <robertburrelldon...@blueyonder.co.uk>
Subject Re: [Jakarta Commons Wiki] New: SigningReleases
Date Tue, 18 Jan 2005 20:16:28 GMT
(bit late on this thread)

FWIW i'd say that the right approach would be to start by supporting  
BouncyCastles. i've noticed that most folks just want a simple set of  
instructions (something which is pretty difficult when dealing with  
code signing). it'd probably pay to go for a single, simple system that  
can be explained in detail. those with more experience who already have  
a preference for GPG or PGP should be capable of importing their code  
signing keys into bouncy castle.

- robert

On 7 Jan 2005, at 18:14, Mark R. Diggory wrote:

> Thats one of the major reasons I stalled in development of it. It's  
> very platform/application specific in that case. Either force the Ant  
> task to be using only BouncyCastle and have everyone import their keys  
> into BouncyCastles config, or allow users to configure which  
> application was doing the signing and call the application externally.  
> Which would be logical in that the Ant task would be generic and there  
> would be build.properties the user could define to establish which  
> implementation did the signing.
>
> -Mark
>
> Martin Cooper wrote:
>> On Fri, 07 Jan 2005 12:47:06 -0500, Mark R. Diggory
>> <mdiggory@latte.harvard.edu> wrote:
>>> I've been lurking on this discussion.
>>>
>>> +1
>>>
>>> PGP Signing files needs to be just like the current md5 signing that
>>> maven supplies on artifacts. You should be able to supply signing  
>>> Keys
>>> and get artifacts signed.
>> The catch to this is that different people use different tools to do
>> the signing. Some people use PGP, others use GPG, people have
>> different versions. It's not clear to me that you'd be able to get
>> everyone to use the same tool.
>> --
>> Martin Cooper
>>> I initially was working on libraries to do this in Ant/Maven using
>>> BouncyCastle. But alas, time and money has me unable to contribute. I
>>> highly recommend having this be a task in Ant that Maven can also  
>>> take
>>> advantage of, this way it can also be included into the generate
>>> build.xml files that projects may use for also building releases.
>>>
>>> -Mark
>>>
>>> robert burrell donkin wrote:
>>>
>>>> AIUI there some work underway on this over in mavenland. hopefully  
>>>> brett
>>>> will jump now with a progress report and tasks which are still  
>>>> needed
>>>> volunteers...
>>>>
>>>> - robert
>>>>
>>>> On 6 Jan 2005, at 20:53, Rory Winston wrote:
>>>>
>>>>
>>>>> +1
>>>>>
>>>>> Tim O'Brien wrote:
>>>>>
>>>>>
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Phil Steitz [mailto:phil@steitz.com]
>>>>>>
>>>>>>
>>>>>>
>>>>>>> 2) A real maven expert (Brett ;) could probably figure out how
to
>>>>>>> automate almost everything in a way that could be reused across
 
>>>>>>> all
>>>>>>> maven-built projects. Including the signing, hashing and
>>>>>>> verification in the maven build would be great. I agree with
 
>>>>>>> Robert
>>>>>>> that this probably belongs in the maven community.  I am willing
 
>>>>>>> to
>>>>>>> help in any case, either working on plugins to get things to
 
>>>>>>> work or
>>>>>>> documenting how to use maven to cut releases.
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Ah, a release plugin that would be a good thing!
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------

>>>>>> ---
>>>>>> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
>>>>>> For additional commands, e-mail:  
>>>>>> commons-dev-help@jakarta.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------- 
>>>>> --
>>>>> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
>>>>> For additional commands, e-mail:  
>>>>> commons-dev-help@jakarta.apache.org
>>>>>
>>>>>
>>>>
>>>>
>>>> -------------------------------------------------------------------- 
>>>> -
>>>> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>>>>
>>>
>>> --
>>> Mark Diggory
>>> Software Developer
>>> Harvard MIT Data Center
>>> http://www.hmdc.harvard.edu
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>>>
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>
> -- 
> Mark Diggory
> Software Developer
> Harvard MIT Data Center
> http://www.hmdc.harvard.edu
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message