We have a legacy project that is pretty heinous in terms of build time, and this is severely affecting delivery times. There are many pieces of refactoring that need to be done to break this down into a more manageable build, but one quick win is to sort out the signing of dependencies and transient dependencies.
There are three modules where this occurs, and on a clean install it will sign Spring, etc. once, then move on to the next webstart application and sign many of the same jars again. I.e. noddy-app-webstart signs all of Spring, then shoddy-app-webstart signs all of Spring again. This is also wasteful as the cert does not expire for several years.

I can think of a few things to solve this, but they greatly increase management of the build. For example, deploying the signed artifacts to a Maven repo would be one approach, and then only pulling in the classified version. However, this makes adding in new dependencies a pain and the build less portable. It will also take a lot of time upfront to sign and then deploy the classified versions (unless there’s a plug-in that can be run against the project to take the dependencies, sign them and then deploy them classified). Using profiles to disable signing can also be done for development builds, but this makes the dev builds inconsistent with the live builds, and there’s still the long time it takes to do a live build. Are there other solutions to this problem?
