OK thanks On Mon, Oct 19, 2015 at 8:36 PM, Tibor Digana <tibordig...@apache.org> wrote:
> csportal is not available for me, but these are two different things of > signing. The gpg creates extra signature file, but webstart as typical > webstart jar I know needs DSA or RSA signature inside jar file which can be > accomplished by maven-jarsigner-plugin > https://maven.apache.org/plugins/maven-jarsigner-plugin/usage.html > You could open discussion in Users group. > > On Mon, Oct 19, 2015 at 1:14 PM, Maxim Solodovnik [via Maven] < > ml-node+s40175n5849695...@n5.nabble.com> wrote: > > > Now I'm a little bit scared :) > > Our release process is documented here [1] > > part "Step3 - Sign web start application" describes the current process > of > > signing jar files. (all current stable releases uses ant, dev releases > are > > using maven) > > > > > > [1] http://openmeetings.apache.org/ReleaseGuide.html > > > > On Mon, Oct 19, 2015 at 4:58 PM, Tibor Digana <[hidden email] > > <http:///user/SendEmail.jtp?type=node&node=5849695&i=0>> > > wrote: > > > > > As I am reading your discussion, I am a little bit scared. > > > Maxim you use your own ASK key? > > > > > > On Mon, Oct 19, 2015 at 8:02 AM, Maxim Solodovnik <[hidden email] > > <http:///user/SendEmail.jtp?type=node&node=5849695&i=1>> > > > wrote: > > > > > > > Hello Hervé, > > > > > > > > We are using "ASF key" to sign our webstart application, this way it > > is > > > > started without error in modern Java > > > > Currently we are using lots of manual steps to sign necessary jars > > using > > > > ASF service > > > > I thought maybe Maven can do it on my behalf :) > > > > > > > > On Sun, Oct 18, 2015 at 12:14 PM, Hervé BOUTEMY <[hidden email] > > <http:///user/SendEmail.jtp?type=node&node=5849695&i=2>> > > > > wrote: > > > > > > > > > Hi, > > > > > > > > > > Perhaps the "code signing" feature for jars should be explained, > > since > > > we > > > > > already have maven-gpg-plugin [1] to sign code, that is used for > > years > > > > with > > > > > great success. > > > > > > > > > > From what I read on ASF signing, it adds a feature for Windows > > > > executables, > > > > > that is checked by the OS at runtime and displayed to end-users. > > > > > > > > > > For jars, I don't see what we get better than gpg. > > > > > What I suppose is that if a plugin is done, it will be an > > > Apache-specific > > > > > plugin: not same interest than doing a plugin for general public > > use. > > > > > > > > > > What do you expect from this signing feature for jars? > > > > > > > > > > Regards, > > > > > > > > > > Hervé > > > > > > > > > > [1] http://maven.apache.org/plugins/maven-gpg-plugin/ > > > > > > > > > > Le jeudi 8 octobre 2015 12:26:57 Maxim Solodovnik a écrit : > > > > > > Hello All, > > > > > > > > > > > > More than a year ago INFRA announce availability of code signing > > at > > > > > Apache: > > > > > > > > > > > > https://blogs.apache.org/infra/entry/code_signing_service_now_available > > > > > > > > > > > > but still there is no maven plugin for doing that :( > > > > > > I never wrote maven plugins and need more time to write "Hello > > world" > > > > > level > > > > > > plugins before I can fix/create anything :) > > > > > > > > > > > > Maybe anyone is interested to write maven plugin so code can be > > > signed > > > > at > > > > > > Apache? :) > > > > > > > > > > > > Thanks in advance! > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: [hidden email] > > <http:///user/SendEmail.jtp?type=node&node=5849695&i=3> > > > > > For additional commands, e-mail: [hidden email] > > <http:///user/SendEmail.jtp?type=node&node=5849695&i=4> > > > > > > > > > > > > > > > > > > > > > > -- > > > > WBR > > > > Maxim aka solomax > > > > > > > > > > > > > > > > -- > > > Cheers > > > Tibor > > > > > > > > > > > -- > > WBR > > Maxim aka solomax > > > > > > ------------------------------ > > If you reply to this email, your message will be added to the discussion > > below: > > > > > http://maven.40175.n5.nabble.com/Maven-plugin-for-code-signing-Apache-tp5847816p5849695.html > > To start a new topic under Maven Developers, email > > ml-node+s40175n142166...@n5.nabble.com > > To unsubscribe from Maven Developers, click here > > < > http://maven.40175.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=142166&code=dGlib3JkaWdhbmFAYXBhY2hlLm9yZ3wxNDIxNjZ8LTI4OTQ5MjEwMg== > > > > . > > NAML > > < > http://maven.40175.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml > > > > > > > > > -- > View this message in context: > http://maven.40175.n5.nabble.com/Maven-plugin-for-code-signing-Apache-tp5847816p5849712.html > Sent from the Maven Developers mailing list archive at Nabble.com. -- WBR Maxim aka solomax