On Thu, 24 Oct 2019 at 21:17, Jan Lahoda <lah...@gmail.com> wrote: >> Still unsure about how we handle catalog and signing issues though. >> Am I right in thinking with current situation people will see a >> warning on update? Definitely see this already when re-enabling >> nb-javac. > > That is one of the things I'd like to try. The update will be a two phase > process - first update the nb/updatecenters module, and then nb-javac. I > *think* there should be no warning for the second update (because the NBM is > signed using the key that is embedded in the updatecenters module), but I am > less sure about how exactly the first update will work.
I'm fairly sure the first update at least will show a warning. Installing other nbms from the distribution UC does now. Check the link Reema shared that I posted earlier. We might be able to use that, in the short term manually signing the relevant updates via the web interface? Except that shows a browser security error for me. And also specifies .jar extension. What other options are there? Is there any *secure* way that we can add trust in the IDE for modules built on ASF infrastructure? If I understand it correctly, the current way the third-party UC does this will only work for a single build? Best wishes, Neil --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org For additional commands, e-mail: dev-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists