On 17/07/2011, at 12:07 AM, Joern Huxhorn wrote: > 38.2 currently says > "The passphrase used to protect your public key." > but it should be > "The passphrase used to protect your private key."
Nice catch, fixed thanks. > I think a pretty common use case is to only sign release artifacts, keeping > SNAPSHOT releases unsigned. Is there already an easy way to accomplish this? > In any case, a how-to focusing on that use case would be a nice addition to > the documentation. I've added an example of this to the userguide (docs build should have it up on the site in about 20 minutes. > I completely agree with your dislike for build scripts that require manual > interaction in general but I also think that signing artifacts is a prime > example for the exception to this rule. The whole point of such a signature > is that a person manually promotes a build to release, hopefully after > verifying that everything is really ok (e.g. there is no h4x0r backdoor code > that slips through unit tests). A signature in itself provides no quality guarantees, it only provides reasonable assurance of the source of the artifacts. To this end, the signing plugin doesn't attempt to say anything about QA. The hope is that the signing plugin is flexible enough for support users in their own QA practices. > This is not something that should be done during an automatic build. Just my > personal opinion, of course.CI systems would only build unsigned snapshots in > that scenario. That kind of pattern is possible with the plugin. > The rest of the documentation looks good. I haven't tried it out, though, so > I don't know if I'll run into problems while switching away from my own > signing plugin. This plugin has some extra necessary configuration that your version doesn't, so adding that and renaming the project properties should be all that's necessary. -- Luke Daley Principal Engineer, Gradleware http://gradleware.com --------------------------------------------------------------------- To unsubscribe from this list, please visit: http://xircles.codehaus.org/manage_email
