Hi all, Here is a document that describes the strategy that has been implemented to allow PGP signatures as a valid replacement to jarsigner to ensure installed artifacts comes from trusted sources: https://docs.google.com/document/d/1dl10ia092X5hN1qfKoHYvriCNM-iBqiOkfjnntxaBbk/edit?usp=sharing
Feedback welcome! -- Mickael Istria Eclipse IDE <https://www.eclipse.org/eclipseide> developer, for Red Hat Developers <https://developers.redhat.com/>
_______________________________________________ p2-dev mailing list [email protected] To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/p2-dev
