On Friday 26 Jul 2013 14:36:56 Simon Vocella wrote: > Hi toad, > > do you mean something like that? > > https://docs.sonatype.org/display/Repository/How+To+Generate+PGP+Signatures+With+Maven > > Right now, i think it's the only solution
Yikes. So there's a reason that Maven doesn't verify signatures (or checksums) out of the box: To sell Nexus Pro contracts. That is not the sort of thing we want to be supporting, or using. Even if it is possible to verify signatures without using Nexus Pro. Maven (the OSS project) should fork, even if it means hiring separate infrastructure. The state of the Java quasi-commercial open source ecosystem can be thoroughly depressing sometimes. :( Conclusion? Build JNA ourselves, without Maven. Or don't bother, and don't ship JNA. Be extremely reluctant to use anything built with Maven in future. If I wrote anything more it would probably be civilly actionable. That is, if I haven't already committed an act of slander. Aaaaargh!
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
