incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gilles Scokart" <>
Subject Re: enforced signing of artifacts, [was maven repository]
Date Mon, 02 Jun 2008 06:58:36 GMT
2008/5/31 Noel J. Bergman <>:

> Implement that, and we're fine.  We will
> require Incubator artifacts to be signed by a designated key available to
> the PMC, and once a user has acknowledged that they accept such Incubator
> signed artifacts, maven can do what it wants with them.
>        --- Noel

Is that really possible?  I remember some discussion on the infra list
about an ASF wide signature.  And the conclusion was always the same :
how to secure a key that can be used by so many people.  If I remember
well, some solution were proposed, but they were quiet heavy.
Do we have a solution for that?

Gilles Scokart

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message