maven-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <>
Subject WARNING: Maven 2.1 and GPG plugin interaction problems.....
Date Tue, 05 May 2009 02:45:51 GMT

This is just a warning that the Maven team has just discovered an interaction 
problem between Maven 2.1 and the maven-gpg-plugin that CAN result in the 
signatures for the installed/deployed poms being invalid.   Signatures for the 
other artifacts (jars, wars, etc..) are unaffected and not all poms are 

Thus, at this point, it's advisable to either use Maven 2.0.10 for releases or 
verify, check, and resign any affected poms.

The Maven team is aware of the situation and is working on a fix.   At this 
point, it's too early to determine if this will require changes to Maven 2.1.x 
or to the gpg plugin to fix this.   However, we felt it was important to get 
the information out to the users as quickly as possible.

Daniel Kulp

View raw message