Karl Heinz Marbaise commented on MINSTALL-143:

Hi Charles,
this is only about the generation of the checksums which will be  moved to the 
deploy plugin (or more accurate into artifact-transfer component). This has 
nothing to do with signing (see maven-gpg-plugin)...apart from that the ASF 
(Maven project also) does staging first but the staging of the artifacts 
includes already the checksums (md5, sha1) of the artifacts ...and Maven 
project uses GPG keys to sign artifacts which is also included during the 
staging (Take a look at the VOTE which is running on dev list)...furthermore 
the jira is not intended as discussion such things should be done on the dev 
mailing list...

> Move checksum generation from install to deploy plugin
> ------------------------------------------------------
>                 Key: MINSTALL-143
>                 URL: https://issues.apache.org/jira/browse/MINSTALL-143
>             Project: Maven Install Plugin
>          Issue Type: Improvement
>    Affects Versions: 3.0.0
>            Reporter: Karl Heinz Marbaise
>            Priority: Blocker
>             Fix For: 3.0.0
> We should move the checksum generation from maven-install-plugin to 
> maven-deploy-plugin cause the checksums will only be needed as a preparation 
> for the transfer to a remote repository but not for an installation into a 
> local repository.
> This needed to be done within maven-artifact-transfer component first.

This message was sent by Atlassian JIRA

Reply via email to