[
https://issues.apache.org/jira/browse/UIMA-6444?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Richard Eckart de Castilho updated UIMA-6444:
---------------------------------------------
Fix Version/s: 3.4.1SDK
(was: 3.4.0SDK)
> Automatically sign Eclipse plugins during release builds
> --------------------------------------------------------
>
> Key: UIMA-6444
> URL: https://issues.apache.org/jira/browse/UIMA-6444
> Project: UIMA
> Issue Type: Improvement
> Reporter: Richard Eckart de Castilho
> Assignee: Richard Eckart de Castilho
> Priority: Major
> Fix For: 3.4.1SDK
>
>
> *Note:* we do have detached PGP signatures for the Eclipse update site
> artifacts - it is mandatory according to the ASF release policy - but they
> are currently not included in such a way that Eclipse can verify them and
> offer the user to trust them during the plugin installation process.
> ----
> Currently, we do not sign the Eclipse plugins because it is extra effort and
> the old way of using the Symantec Service are gone anyway.
> There is a new jarsigning approach which could be used.
> Alternatively, it is meanwhile possible to embed PGP signatures in P2
> repositories.
> Let's see which of these options are viable for us.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
