Hi,
Here is my proposal for https://www.eclipse.org/lists/p2-dev/msg05910.html 1. Do not ship 3rd party artifacts that are available in maven central with our p2 repo. 2. Have a file listing all the 3rd party libraries from Maven central. And p2 update (process) should pull 3rd party bundles from maven central. 3. For zips(product zips) we should do a PGP sign(we do have infrastructure for this). a. Since the product zips do contain 3rd party bundles(these are unsigned), we can either sign them or do a pgp sign on the zip 4. We need to do pgp sign where possible. I hope I am not going too radical way Thanks Sravan
_______________________________________________ p2-dev mailing list [email protected] To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/p2-dev
