[ 
https://issues.apache.org/jira/browse/MINSTALL-143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16394282#comment-16394282
 ] 

Charles Honton commented on MINSTALL-143:
-----------------------------------------

Consider extracting checksums and signing into a separate plugin.  

Some organizations use their repository to stage, verify, and sign artifacts; 
no checksums are needed in this scenario.
Some organizations also require public/private key signing; additional signing 
methods are needed in this scenario.

advantages:
* separation of concerns
* flexibility to quickly add and configure new signing methods
* availability of signing/checksuming non-artifacts

short-term disadvantages:
* additional default binding required in core maven
* configuration is moving from install to signing plugin

> Move checksum generation from install to deploy plugin
> ------------------------------------------------------
>
>                 Key: MINSTALL-143
>                 URL: https://issues.apache.org/jira/browse/MINSTALL-143
>             Project: Maven Install Plugin
>          Issue Type: Improvement
>    Affects Versions: 3.0.0
>            Reporter: Karl Heinz Marbaise
>            Priority: Blocker
>             Fix For: 3.0.0
>
>
> We should move the checksum generation from maven-install-plugin to 
> maven-deploy-plugin cause the checksums will only be needed as a preparation 
> for the transfer to a remote repository but not for an installation into a 
> local repository.
> This needed to be done within maven-artifact-transfer component first.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to