On 2/25/07, Ted Husted <[EMAIL PROTECTED]> wrote:
I think I might have to step away from the release manager role. Or, at least the deployment of the Maven artifacts. I have a lot of trouble getting the Maven signing plugins or scripts to work. Signing all these Maven artifacts by hand is not something I can do on a regular basis. I'll fix 2.0.6, but, otherwise, this might have to be my last Maven distribution.
Well, _that_ was certainly not my intent! You shouldn't have to sign them "by hand" -- there are far too many of them to make that a reasonable requirement. Prior to the gpg plugin being available I used a script to recursively sign the jars in my local repo, and then upload the signatures. I think Paul just used it for the Struts 1.3.7 signatures. It's a bash shell script (I use Cygwin), but surely we have enough talent around here to convert it to a script that will work on Windows... Here's the signature part... # Recursively pgp sign files in a directory structure # Adapted from: http://gleamynode.net/wordpress/archives/129 echo -n "PGP Key Password: " stty -echo read PASSWORD stty echo echo "" for FILE in $(find . -name "*.jar" -or -name "*.pom"); do echo -n "Signing: $FILE ... " echo "$PASSWORD" | gpg --default-key "$DEFAULT_KEY" --detach-sign --armor --no-tty --yes --passphrase-fd 0 "$FILE" && echo done. done Unfortunately, this isn't something another committer can volunteer for, the signatures really need to come from the person who built the jars. -- Wendy --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]