flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christofer Dutz <christofer.d...@c-ware.de>
Subject AW: Publish Maven artifacts for released versions of FlexUnit4?
Date Sun, 29 Mar 2015 10:02:44 GMT
Hi Justin,

investigating it a little more ... ok now this is really strange. I do generate the poms to
pom.xml and sign them, but they are renamed when uploading ... will change this ... thanks
for reporting this :-)

Chris



[ C h r i s t o f e r  D u t z ]

C-Ware IT-Service
Inhaber
Dipl. Inf. Christofer Dutz
Alleestraße 23, 64367 Mühltal

fon:  0 61 54 / 5779991
mobil:  0171 / 7 444 2 33
email:  christofer.dutz@c-ware.de
http://www.c-ware.de

FA Darmstadt: 07 813 60581

-----Ursprüngliche Nachricht-----
Von: Christofer Dutz [mailto:christofer.dutz@c-ware.de] 
Gesendet: Sonntag, 29. März 2015 11:30
An: dev@flex.apache.org
Betreff: AW: Publish Maven artifacts for released versions of FlexUnit4?

Oh ... thanks for that hint Justin.
I added the signature stuff to the Ant scripts quite some time ago. For this I had to manually
sign all artifacts. Will double-check to make sure the poms are signed too.

Chris




-----Ursprüngliche Nachricht-----
Von: Justin Mclean [mailto:justin@classsoftware.com] 
Gesendet: Sonntag, 29. März 2015 00:27
An: dev@flex.apache.org
Betreff: Re: Publish Maven artifacts for released versions of FlexUnit4?

Hi,

> Could you guys please double check the artifacts ...

I guess the main question is how do we confirm what source code this was compiled from?

> I know this is not an official release, but I still thing the signatures need verification.


May be the way it been deployed? but the the jar sigs and md5 hashes are ok (and using an
Apache email). but the pom file signature isn't.

for file in *.asc; do echo $file; gpg --verify $file; done

flexUnitTasks-4.2.0-javadoc.jar.asc
gpg: Signature made Sun 29 Mar 04:03:33 2015 AEDT using RSA key ID 5C60D6B9
gpg: Good signature from "Christofer Dutz (Apache Comitter) <cdutz@apache.org>"
flexUnitTasks-4.2.0-sources.jar.asc
gpg: Signature made Sun 29 Mar 04:03:27 2015 AEDT using RSA key ID 5C60D6B9
gpg: Good signature from "Christofer Dutz (Apache Comitter) <cdutz@apache.org>"
flexUnitTasks-4.2.0.jar.asc
gpg: Signature made Sun 29 Mar 04:03:13 2015 AEDT using RSA key ID 5C60D6B9
gpg: Good signature from "Christofer Dutz (Apache Comitter) <cdutz@apache.org>"
flexUnitTasks-4.2.0.pom.asc
gpg: no signed data
gpg: can't hash datafile: No data

Thanks,
Justin




Mime
View raw message