www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wendy Smoak" <wsm...@gmail.com>
Subject Re: Proper maven call to release artifacts?
Date Mon, 29 Sep 2008 04:30:46 GMT
Assuming these aren't being built with Maven so that you could use the
Release plugin, the gpg plugin sign-and-deploy bit seems to be the
easiest way.

That feature was originally prompted by Tomcat needing to deploy their
Ant-built jars, though I don't know if they're using it.  (Thanks for
opening the enhancement request, the poms do need to be signed and
that must have been missed.)


On Sun, Sep 28, 2008 at 12:41 PM, Max Berger <max@berger.name> wrote:
> Dear Repository maintainers,
> What is the proper procedure to release maven artifacts to the repository
> with the signatures in place? According to [1] both the pom and jar must be
> signed. I currently use mvn gpg:sign-and-deploy-file which signs the
> artifact (jar), but not the pom. I've requested an enhancement [2],  but is
> this the proper way to submit the artifacts? Is there an easier method?
> Thanks
> Max
> P.S. The process I'm using is described in [3], this may be of general
> interest.
> [1] http://people.apache.org/~henkp/repo/faq.html
> [2] http://jira.codehaus.org/browse/MGPG-12
> [3] http://mail-archives.apache.org/mod_mbox/xmlgraphics-general/200806.mbox/%3c14926A6B-CE16-4B37-8F9C-5114C6452AF7@berger.name%3e

View raw message