That reminds me - are the artifacts in UKP Artifactory signed (either code-signed or .asc etc. signed)?
When we "sign" a jar it would be good to know there's a chain of signed and verified components that went into what gets built. I don't remember if the artifacts in the UKP Artifactory are actually bundled with what Ruta builds, or if they're just needed to compile?

-Marshall

On 1/28/2016 3:04 PM, Richard Eckart de Castilho wrote:
> On 28.01.2016, at 18:17, Marshall Schor <[email protected]> wrote:
>>> (Another question is: do we need code signing for the jars in the
>>> artifactory? I would say no.)
>> Not sure what the "artifactory" is?
> Artifactory is a repository server product from JFrog ;) But I
> would also guess Peter talks about Maven Central - unless he
> talks about the UKP Lab Artifactory where we still host some
> Eclipse artifacts that I believe Ruta needs for building.
>
> -- Richard
>
