Re: [eclipse.org-architecture-council] Is jar signing mandatory?

["Daniel Megert" <daniel_megert@xxxxxxxxxx>]

+1!

Dani



From:
       Mike
Milinkovich <mike.milinkovich@xxxxxxxxxxxxxxxxxxxxxx>
To:
       eclipse.org-architecture-council@xxxxxxxxxxx
Date:
       17.03.2020
23:07
Subject:
       [EXTERNAL]
Re: [eclipse.org-architecture-council] Is jar signing mandatory?
Sent
by:        eclipse.org-architecture-council-bounces@xxxxxxxxxxx

---

On 2020-03-17 5:54 p.m., Mickael Istria
wrote:
2. this is not mandatory for projects,
ie as long as no contributor in a project cares about such certificate
of origin enough to contribute the build routine to produce them in the
project, I see no point in making this mandatory to other project contributors.
I disagree, because the output from Eclipse
projects is a reflection on all of us. If a major and public security kerfuffle
occurred because of a project who decided that they did not want to sign
a release artifact that could be signed, it would reflect badly on our
entire community. 
--

Mike Milinkovich

Executive Director | Eclipse Foundation, Inc.

mike.milinkovich@xxxxxxxxxxxxxxxxxxxxxx

@mmilinkov

+1.613.220.3223 (m)_______________________________________________
eclipse.org-architecture-council mailing list
eclipse.org-architecture-council@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/eclipse.org-architecture-council