www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wendy Smoak" <wsm...@gmail.com>
Subject Re: Proper maven call to release artifacts?
Date Mon, 29 Sep 2008 04:30:46 GMT
Assuming these aren't being built with Maven so that you could use the
Release plugin, the gpg plugin sign-and-deploy bit seems to be the
easiest way.

That feature was originally prompted by Tomcat needing to deploy their
Ant-built jars, though I don't know if they're using it.  (Thanks for
opening the enhancement request, the poms do need to be signed and
that must have been missed.)

-- 
Wendy

On Sun, Sep 28, 2008 at 12:41 PM, Max Berger <max@berger.name> wrote:
> Dear Repository maintainers,
> What is the proper procedure to release maven artifacts to the repository
> with the signatures in place? According to [1] both the pom and jar must be
> signed. I currently use mvn gpg:sign-and-deploy-file which signs the
> artifact (jar), but not the pom. I've requested an enhancement [2],  but is
> this the proper way to submit the artifacts? Is there an easier method?
> Thanks
> Max
> P.S. The process I'm using is described in [3], this may be of general
> interest.
> [1] http://people.apache.org/~henkp/repo/faq.html
> [2] http://jira.codehaus.org/browse/MGPG-12
> [3] http://mail-archives.apache.org/mod_mbox/xmlgraphics-general/200806.mbox/%3c14926A6B-CE16-4B37-8F9C-5114C6452AF7@berger.name%3e

Mime
View raw message