I've documented a proposed approach on the website: https://uima.apache.org/dev-eclipse-plugin-signing
This can also be reached from the home page -> (left nav bar) Eclipse Update Sites -> Information for developers -> information about plugin signing The basic idea is a 2 phase approach - the first phase is normal, like now, no signing, producing the release candidate to vote on. Once the Vote passes, then a simple/mechanical repackaging of the update site is done, including signing, with just a sanity check at the end that the result installs: 1. run the ant script "prepare-to-sign" 2. manually sign on to the signing portal, upload the jars in target/eus-work/plugins, sign them, and download the signed jars to target/eus-work-signed/plugins 3. run the ant script "finish-after-signing" This avoids charging Apache for signing for release candidates that subsequently fail. Because the actions following the vote are only mechanical "binary" packaging, I think we don't need another vote. I'm working on making the ant scripts for this, using the uimaj-v3 as the guinea pig. WDYT? -Marshall
