Sorry, responded having read the commits list, not the dev list :)

I agreed with your mail - when I said metadata I meant POMs. Definitely don't need to sign maven-metadata.xml.

- Brett

On 09/12/2006, at 12:19 PM, Wendy Smoak wrote:

On 12/8/06, Brett Porter <[EMAIL PROTECTED]> wrote:

Why not? I think signing the metadata is just as important.

The maven-metadata.xml files?  1. It's not required by the readme file
and 2. They change on every deployment, so you'd be overwriting the
signature, which could well belong to someone else.  That seems wrong
to me-- signed artifacts should not change.

But it doesn't matter that much to me, if you want them signed, change
the readme file and we'll start doing it.

--
Wendy

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
