A full pgp signing plugin is certainly useful, and necessary for the maven stuff.
There is value in the less powerful, but still handy MD5 and SHA1 "signature/digest". I know there are restrictions for some places to not be allowed to utilize software (read jars) unless both are provided -- since the probability of creating a false data product that hashes correct to both is vanishingly small. Would MD5/SHA1 hashing belong in such a plugin or would a separate digest/hashing/checksum plugin make more sense? It would be nice to have gradle be able to create them without having to manually use the MessageDigest class - especially since there is already a HashUtil class within gradle for at least MD5. Two overrides to those methods to allow the explicit MD5 to be selectable would mean the whole framework is already there for hashing. Thoughts on where such functionality belongs? It would very much mimic how the signing plugin works (assuming it doesn't belong in that plugin), although with fewer options because none of the username, password, or file to read are necessary. BTW, http://www.gradle.org/documentation.html Latest Nightly references point to 0.9.1 versions. I was expecting them to point to something a bit newer. Also, there are no direct links that I could find from gradle.org that pointed to this essentially 1.0-milestone-4 pre-release documentation. Also, looking at the larger document, this plugin should be added to the Standard Plugins section as well. Nice work! -Spencer --- On Fri, 7/15/11, Jason Porter <[email protected]> wrote: From: Jason Porter <[email protected]> Subject: Re: [gradle-dev] Signing plugin docs. To: [email protected] Date: Friday, July 15, 2011, 4:01 AM Looks good Luke On Fri, Jul 15, 2011 at 01:59, Luke Daley <[email protected]> wrote: Proposed final is up: http://gradle.org/releases/latest/docs/userguide/signing_plugin.html On 15/07/2011, at 4:09 PM, Jason Porter wrote: This one isn't related to the Signing plugin but I noticed while looking at http://gradle.org/releases/latest/docs/dsl/org.gradle.api.tasks.SourceSetOutput.html The example and the method signature don't match. In the Generated Output example it's placing the directory first, then the map, but the method signature a little below says map first then dir. Which one is correct? SigningWould it make sense to have the maven plugin also apply the sign plugin (if it doesn't already)? Perhaps at a second pass, it would be nice to have the plugin ask for the required properties if they aren't already there, like what the example gives. Along those lines before M4 ships that example should be completed as I'm sure there will be others that will want to use it. On Thu, Jul 14, 2011 at 18:53, Luke Daley <[email protected]> wrote: If anyone has a minute, it would be good to get some eyes on the signing plugin docs before it goes out. http://gradle.org/releases/latest/docs/dsl http://gradle.org/releases/latest/docs/userguide/signing_plugin.html The last chapter of that userguide chapter will be changing today. -- Luke Daley Principal Engineer, Gradleware http://gradleware.com --------------------------------------------------------------------- To unsubscribe from this list, please visit: http://xircles.codehaus.org/manage_email -- Jason Porter http://lightguard-jp.blogspot.com http://twitter.com/lightguardjp Software Engineer Open Source Advocate Author of Seam Catch - Next Generation Java Exception Handling PGP key id: 926CCFF5 PGP key available at: keyserver.net, pgp.mit.edu -- Luke Daley Principal Engineer, Gradleware http://gradleware.com -- Jason Porter http://lightguard-jp.blogspot.com http://twitter.com/lightguardjp Software Engineer Open Source Advocate Author of Seam Catch - Next Generation Java Exception Handling PGP key id: 926CCFF5 PGP key available at: keyserver.net, pgp.mit.edu
