www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matthieu Riou" <mr...@apache.org>
Subject Re: [repo] /www/people.apache.org/repo/m2-ibiblio-rsync-repository/
Date Thu, 15 May 2008 03:57:42 GMT
On Wed, May 14, 2008 at 8:19 PM, Wendy Smoak <wsmoak@gmail.com> wrote:

> On Wed, May 14, 2008 at 8:09 PM, Matthieu Riou <mriou@apache.org> wrote:
>
> > Ah, sorry about that.  I thought PGP signing was only for main source and
> > binary releases and not for individual artifacts (did that change
> > recently?). I'll fix that ASAP.
>
> Thanks for the quick response!  It's always been the case that
> anything we distribute needs a signature, but we haven't always been
> vigilant about checking the Maven repos.
>

Okay, sounds good, thanks for the extra vigilance.


>
> (You can use the Maven GPG plugin to automate the signatures; ask on
> users@maven if you need help configuring it.)
>

I've used a simple script, it's quicker. Actually I have a one-liner to
check missing signatures under the current directory, if it can save a few
minutes to someone:

ruby -e 'Dir["**/*.{war,jar,pom}"].each { |f| puts f unless
File.exist?("#{f}.asc") }'

This will list all the war, jar and poms with no corresponding asc file. I'd
avoid running it at the root of the repository without asking infra first
though ;)

Cheers,
Matthieu


> Thanks,
> --
> Wendy
>

Mime
View raw message