We have a large number of legacy dependencies that we need to sign. I am trying to cache those that are not signed into an internal repository to reduce build time.
So I created another project to sign them and load them into our private repository. I am using a classifier to indicate the signed ones. For example, <classifier>signed</classifier>. Those are pulled properly. However, those dependencies have many transitive dependencies that are signed as well, but not pulled. The reason is because in the original pom, they point to the unsigned ones. What is the best (maven) way to resolve this? I can simply ignore the classifier part I guess as a simple solution. I will appreciate a better approach.
