On 08/15/2011 11:42 AM, Sergiu Dumitriu wrote:
> On 08/15/2011 11:19 AM, Vincent Massol wrote:
>> Hi,
>>
>> I think we should start signing our artifacts using PGP as explained here:
>> https://docs.sonatype.org/display/Repository/How+To+Generate+PGP+Signatures+With+Maven
>>
>> Here's my +1
>
> +1.
>
> Do we use only one key, installed on the release machine? It should be
> protected by a strong passphrase.

+1

I really don't like the "one key on the release box" idea.
IMO each release manager should sign with their key which ofc never leaves their own computer.

Caleb

>
>>
>> Thanks
>> -Vincent
>>
>> PS: If we agree I can commit the changes required to our top level POM to
>> implement this (I have them locally already)
>
> PS2: When's the release user ready on one of the new agents?

