[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [cbi-dev] Signing CHE artifacts
|
Matthias is right. Sorry for not providing a link to that correct component.
Note that won't be able to just sign the .zip or tar.gz that you will upload. From what I see in the archives, you redistribute tomcat and other jars. You have to check with your PMC whether these jars should be signed with the Eclipse Foundation certificate. Also, you will need to extract the files in the archives in order to sign the jars within them as they are not update site or p2 repo. The /usr/bin/sign service only handle zip with update or p2 repo layout. Of course, you will be able to re-create the archive once the files are signed. I suggest you use the webservice to sign the jars individually, it is faster.
Cheers, Mikael
I think you can file a bug at
_______________________________________________ cbi-dev mailing list cbi-dev@xxxxxxxxxxxTo change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/cbi-dev
|
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail