www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Max Berger <...@berger.name>
Subject Proper maven call to release artifacts?
Date Sun, 28 Sep 2008 19:41:12 GMT
Dear Repository maintainers,

What is the proper procedure to release maven artifacts to the  
repository with the signatures in place? According to [1] both the pom  
and jar must be signed. I currently use mvn gpg:sign-and-deploy-file  
which signs the artifact (jar), but not the pom. I've requested an  
enhancement [2],  but is this the proper way to submit the artifacts?  
Is there an easier method?



P.S. The process I'm using is described in [3], this may be of general  

[1] http://people.apache.org/~henkp/repo/faq.html
[2] http://jira.codehaus.org/browse/MGPG-12
[3] http://mail-archives.apache.org/mod_mbox/xmlgraphics-general/200806.mbox/%3c14926A6B-CE16-4B37-8F9C-5114C6452AF7@berger.name%3e

Anfang der weitergeleiteten E-Mail:
>> Am 28.09.2008 um 11:40 schrieb Henk Penning:
>>> I keep an eye on the apache Maven repo, and I noticed that :
>>> -- you own 1 unsigned artifact
>> I have a question: I use
>> mvn gpg:sign-and-deploy-file
>> which signs and deployes the artifact, but not the pom.xml. Do you  
>> know if there is a command to do both at the same time or do i have  
>> to do this manually?
>  Please do me a favor and ask this on 'repository@apache.org'
>> Max
>  HPP

View raw message