|Re: [cbi-dev] Signing CHE artifacts|
The foundation provides several signing services. They are only accessible from within the private LAN because, as Gunnar said, this is how we protect the Eclipse Foundation certificate from being used by anyone ;) The services are described on the wiki https://wiki.eclipse.org/IT_Infrastructure_Doc#Sign_my_plugins.2FZIP_files.3F. Find below some additional comments.
Jar signing (in the JVM signing meaning http://docs.oracle.com/javase/8/docs/technotes/tools/unix/jarsigner.html)
There are three ways to sign a jar @ eclipse.
OS X .app signing
Windows .exe signing
I you want to use the command line tool to sign jars, you have to fill a bug to ask for the permissions to use it as it is restricted to specific users.
Hope this helps.
Description: Message signed with OpenPGP using GPGMail