Hi Jiří, Am Freitag, dem 17.02.2023 um 18:49 +0100 schrieb Jiří Kovalský: > Anyway, I can give the context here. :) About two months ago Mani > (Cc:ed here) joined the team of plugin verifiers as a new volunteer and > during the introductory call with him we talked about whether plugins > should be signed. As per the Plugin Verification specification [1] the > installation instructions only mention: > > 1.8 If validation warning about self-signed certificate is displayed, > accept it by clicking Continue button. > > [1] > https://synergy.netbeans.apache.org/#/title/verification_of_apache_netbeans_plugin/ > > It says nothing about not signed plugins but we came to the conclusion > that if self-signed plugins are explicitly tolerated then not-signed one > should not. > > However, if you and Neil think that the signature check should be > excluded completely and NetBeans community supports it, let's remove it. > And even more if the whole verification process is seen as useless then > let's have an official community voting and then get rid of it!
I have mixed feeling about this, but my surprise did not come from the requirement to sign the package, but from the change in policy. If the plugin had not been approved multiple time before, I might have just shrugged if off, this way it felt very irritating. Anyway, I want to focus on other things, so for now lets keep it as is. Seems to be working. > As an immediate fix I have changed my NoGo to Go for all your 3 plugins > and hereby ask Carlos/Geertjan/Mani to do the same if they agree. Thank you. Greetings Matthias --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org For additional commands, e-mail: dev-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
