incubator-general mailing list archives

From "Brett Porter" <>
Subject Re: status of PGP support in Maven
Date Mon, 15 Sep 2008 14:02:51 GMT
I'll make an attempt not to derail the vote (probably futile!) by changing
the subject :)

2008/9/16 Noel J. Bergman <>

> For the moment, I am voting -1 on this proposal.
> Even though I understand both the desire and the fact that Maven's flaws
> make the current approaches to require that the user knowingly accept
> Incubator artifacts easy to work around, I am more in alignment with
> Craig's comments.
> Has there been any movement in the Maven project to address its failings?

I've already finished a working prototype based on the proposal that sat out
for some time. I need to backport it to the current release branch after the
first milestone is done. If you want to try a test build let me know.

Currently, it has checking turned on by default, but that isn't going to be
a reasonable setting for some releases to come until the signatures in the
repository are cleaned up. At the moment I've populated unsigned artifacts
with a signature from a dummy key for testing purposes only.

For the releases to be identified as from the incubator, they'll need to be
signed solely by "the incubator". Did you want to elaborate on how you
anticipated that set up working?


Brett Porter
