1.) looking into GPG for java and/or maven.
2.) working with infrustructure on a bigger issue (establishing a standard maven repository in www/www.apache.org/dist. for mirroring.
The later I want to see in place for our releases.
-Mark
robert burrell donkin wrote:
cool.
the best practice is to generate both an md5 sum and a openPGP-compatible signature for releases. this allows the ASF the best chance of defending against compromised releases.
- robert
On 16 Jan 2004, at 16:05, Mark R. Diggory wrote:
The news from the Maven users list is that the "artifact" plug-in for maven takes care of md5 checksums. (It also takes care of automatically deploying (artifacts) into a maven repository).
-Mark
robert burrell donkin wrote:
On 14 Jan 2004, at 21:55, Mark R. Diggory wrote:
robert burrell donkin wrote:
<snip>
2. you'll need to create md5's and signatures for the actual release. i'd recommend trying these out on the candidate.
- robert
hopefully theres a md5/signature pluggin or property in maven?
dunno. asking on irc will probably get you a quick answer. (but i doubt they'll have a plug for creating signatures.)
the signature needs to be openPGP compatible. if you don't have anything suitable installed, i recommend http://www.gnupg.org which is solid and comes with good documentation. there is some useful information about signing keys and creating releases on the wiki (http://nagoya.apache.org/wiki/apachewiki.cgi?ReleaseManager). remember to create detached signatures and to ascii armour them.
- robert
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-- Mark Diggory Software Developer Harvard MIT Data Center http://osprey.hmdc.harvard.edu
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- Mark Diggory Software Developer Harvard MIT Data Center http://osprey.hmdc.harvard.edu
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
