On Sep 3, 2011, at 9:15 AM, Benson Margulies wrote: It is also possible to have solution specific to jarsigner plugin, which
I believe you suggest. This, however, will only work for one way of
singing jars and will not work for eclipse.org projects, for example,
which cannot use jarsigner plugin due to the way eclipse foundation
manages signing certificate(s).
It is beginning to look as if ASF may end up with a signing discipline friendly to Tycho while Eclipse has none. Some might find this ironic.
What are you talking about? Do you even know how it works at Eclipse?
The signing of artifacts that go out as official releases at Eclipse must pass through a highly secured machine for signing, and it's the only mechanism by which something can be signed.
--
Regards,
Igor
On 11-09-02 7:24 AM, Benson Margulies wrote:
I'm having a discussion at ASF about how we could set up a signature
infrastructure, and I was hoping that Igor or someone could help me
understand some parameters.
Is it really required to sign the jars 'in the middle of the process'?
If I left signing out of the picture, and made a P2 repository, can I
then sign all the jars in plugins and features and achieve the desired
result?
Quite aside from the ASF, this to me suggests a slightly hackish
alternative to the lifecycle problem: a new that is built by
inheriting from the implementation of the jarsigner plugin. It's only
purpose is to not be in the standard lifecycle, so that the tycho
lifecycle could put it in the right place.
_______________________________________________
tycho-user mailing list
tycho-user@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/tycho-user
_______________________________________________
tycho-user mailing list
tycho-user@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/tycho-user
_______________________________________________ tycho-user mailing list tycho-user@xxxxxxxxxxxhttps://dev.eclipse.org/mailman/listinfo/tycho-user
Thanks, Jason ---------------------------------------------------------- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl---------------------------------------------------------
You are never dedicated to something you have complete confidence in. No one is fanatically shouting that the sun is going to rise tomorrow. They know it is going to rise tomorrow. When people are fanatically dedicated to political or religious faiths or any other kind of dogmas or goals, it's always because these dogmas or goals are in doubt.
-- Robert Pirzig, Zen and the Art of Motorcycle Maintenance
|