[jira] [Closed] (MNG-7776) don't fingerprint Sigstore signatures (like GPG)

Guillaume Nodet (Jira) Thu, 01 Jun 2023 08:18:07 -0700


     [ 
https://issues.apache.org/jira/browse/MNG-7776?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Guillaume Nodet closed MNG-7776.
--------------------------------
    Resolution: Fixed

Closing this one, as I don't think there's anything left to do.

> don't fingerprint Sigstore signatures (like GPG)
> ------------------------------------------------
>
>                 Key: MNG-7776
>                 URL: https://issues.apache.org/jira/browse/MNG-7776
>             Project: Maven
>          Issue Type: Improvement
>    Affects Versions: 3.9.1, 4.0.0-alpha-5
>            Reporter: Herve Boutemy
>            Assignee: Herve Boutemy
>            Priority: Major
>
> Maven repository format requires .md5 and .sha1 fingerprints/checksums for 
> every artifact: https://maven.apache.org/repository/layout.html
> .GPG signature (.asc) is not considered as an artifact, and it does not 
> require these fingerprints
> While working on Sigstore support in addition to GPG, the same should be done 
> for Sigstore signatures: no fingerprint for .sigstore files (like no GPG 
> signature for Sigstore signature: see MGPG-86)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (MNG-7776) don't fingerprint Sigstore signatures (like GPG)

Reply via email to