[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [cbi-dev] Signing CHE artifacts
|
I think the development resources page in the wiki could need an update, it sent me to the portal to get she'll access, but I couldn't find anything like that there. Also the wiki pages around build seem outdated (can't check from the airport).
On Friday, 11 March 2016, Mikaël Barbero <
mikael@xxxxxxxxxxx> wrote:
Matthias is right. Sorry for not providing a link to that correct component.
Note that won't be able to just sign the .zip or tar.gz that you will upload. From what I see in the archives, you redistribute tomcat and other jars. You have to check with your PMC whether these jars should be signed with the Eclipse Foundation certificate. Also, you will need to extract the files in the archives in order to sign the jars within them as they are not update site or p2 repo. The /usr/bin/sign service only handle zip with update or p2 repo layout. Of course, you will be able to re-create the archive once the files are signed. I suggest you use the webservice to sign the jars individually, it is faster.
Cheers,
Mikael