www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Dillon <ja...@planet57.com>
Subject Re: new stuff in maven-repository
Date Tue, 29 Aug 2006 02:08:30 GMT
Any idea when this will become reality?

In the mean time I wrote a simple goal to sign attached artifacts  
with gpg:

     http://svn.apache.org/viewvc/geronimo/genesis/trunk/plugins/ 
tools-maven-plugin/src/main/java/org/apache/geronimo/genesis/plugins/ 
tools/GpgSignAttachedMojo.java?view=log

Docs should be up here shortly:

     http://geronimo.apache.org/maven/genesis/plugins/tools-maven- 
plugin/usage.html

Only roughly tested... but so far works okay.

--jason


On Aug 28, 2006, at 3:26 PM, Brett Porter wrote:

> http://docs.codehaus.org/display/MAVEN/Repository+Security 
> +Improvements
> has all the details. It was raised on this list not too long ago.
>
> - Brett
>
> On 29/08/06, Jason Dillon <jason@planet57.com> wrote:
>> Do you have a URL to the plugin in the sandbox... I can't find it.
>>
>> --jason
>>
>>
>> On Aug 28, 2006, at 3:10 PM, Carlos Sanchez wrote:
>>
>> > there's some work on a pgp plugin for maven to do it, it's in the
>> > sandbox but not working yet afaik.
>> >
>> > On 8/28/06, Wendy Smoak <wsmoak@gmail.com> wrote:
>> >> On 8/28/06, Craig L Russell <Craig.Russell@sun.com> wrote:
>> >>
>> >> > I'm curious to know how you have scripts during deployment  
>> that do
>> >> > signing of artifacts. The only way I know of to sign an  
>> artifact is
>> >> > to use a gpg command that requires typing my password. Is  
>> this able
>> >> > to be automated?
>> >>
>> >> Also curious. :)
>> >>
>> >> Trustin Lee once posted a nice shell script on his blog.  It  
>> prompts
>> >> for the pass phrase once, then signs everything in a directory  
>> tree.
>> >> That, modified a bit to only find .jar and .pom files, is what  
>> I used
>> >> on Struts 1.3.5 which had 20+ artifacts.
>> >>
>> >> --
>> >> Wendy
>> >>
>> >
>> >
>> > --
>> > I could give you my word as a Spaniard.
>> > No good. I've known too many Spaniards.
>> >                             -- The Princess Bride
>>
>>
>
>
> -- 
> Apache Maven - http://maven.apache.org
> "Better Builds with Maven" book - http://library.mergere.com/


Mime
View raw message