[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [tycho-user] Signing jars and P2
|
> What are you talking about? Do you even know how it works at Eclipse?
> The signing of artifacts that go out as official releases at Eclipse must
> pass through a highly secured machine for signing, and it's the only
> mechanism by which something can be signed.
Jason,
I knew that, Igor knows that, and it poses a problem for Tycho builds
-- according to Igor, who knows much more about it than I do.
Meanwhile, over at ASF infrastructure, there is a discussion going on
about how to sign official *Apache* releases. The goal is to have just
as much control as Eclipse.org has, but still allow a maven plugin to
do the signing via a web service in the midst of a build, which is
what is required to work with Tycho.
I perceived a tiny bit of humor in the possibility that we might end
up in a situation in which it is less cumbersome to make a
fully-signed release of an Eclipse plugin with Tycho at Apache than at
Eclipse. Emphasis on 'tiny'.
Is that clear?
--benson
