I think code signing should at this point be used just for Eclipse plugin Jars.
UIMA-AS has one Eclipse plugin jar which might use this. -Marshall On 1/26/2016 5:09 AM, Peter Klügl wrote: > I'll search for some answers, too > > I put the rc3 on hold without a vote mail for now. Do you consider code > signing also for uima-as? > > Best, > > Peter > > Am 25.01.2016 um 21:33 schrieb Marshall Schor: >> I only got to the point of setting up a way to log into the symantec site, >> where >> I can apparently add other users, and do some other things. >> >> To integrating this into our Apache UIMA build, I think the following needs >> to >> be figured out: >> >> 1) what Jars to sign. The only Jars we need signed in this way I think are >> the >> Eclipse Plugins (and maybe the Feature Jars - but I would be surprised...). >> >> 2) The build process for the plugins is complicated by the fact that both >> "packed" and "regular" Jars are built. The signing has to happen after all >> of >> that has finished, I think. I remember a long time ago reading something on >> the >> Eclipse websites about signing Eclipse things - that might be a place to >> start. >> >> 3) There was an ant task done - by some other project - but I haven't looked >> at >> it. The mail archives has some pointers (I think I may have copied info >> about >> this into a previous email). We probably should start a UIMA website page to >> collect all this info... >> >> I'll do some digging to see if I can add Peter as a signer and send him the >> credentials. The protocol used by Apache Infra was to send this info >> encrypted, >> so I'll do that. >> >> -Marshall >
