This could again be my misunderstanding. This was my attempt to get all artifacts signed and this appeared to do it. But if it was already in place via the parent pom, yes, I doubt it actually does anything. Let us observe the result -- seems like we're making progress in integrating with the apache-release profile properly in several places, so perhaps that will happen to work now.
On Mon, Oct 26, 2009 at 7:15 AM, Isabel Drost <[email protected]> wrote: > On Fri Grant Ingersoll <[email protected]> wrote: > >> Why was gpg-plugin just added to the core pom and not higher up? >> All the artifacts produced need to be signed. > > The gpg-plugin is part of the apache-root-pom. See also: > > http://svn.apache.org/viewvc/maven/pom/trunk/asf/pom.xml?revision=766951&view=markup > > http://maven.apache.org/developers/release/releasing.html > > If all our artifacts inherit from that, they should all get signed, > right? > > Isabel >
