Oliver Heger wrote:
Dennis Lundberg wrote:
<snip/>
I had a look at the Apache Maven 1 repo at
http://people.apache.org/repo/m1-ibiblio-rsync-repository/
There doesn't seem to be any consistency when looking at different
components. I had a look at a few:
configuration:
- older jars have md5
- newer jars have md5 and asc
- older poms have no md5 or asc
- newer poms have md5
lang:
- jars have md5
- poms have md5
logging:
- older jars have md5
- newer jars have md5 and asc
- older poms have md5
- newer poms have md5 and asc
<snip/>
Section 8 of the Commons releasing components guide [1] demands that all
files placed in the ASF Java Respository need to be signed. I think that
this part is relative new, which explains why newer poms are signed
while older ones are not.
Thanks for that pointer Oliver. I guess this section is to comply with
the ASF release signing policy.
I still think that we should sign the poms (with the relocation element
added) only if they were signed when they were released.
By the way the Jakarta document needs to be updated as the
java-repository has moved on people.o.a. I will try to patch that.
Oliver
[1] http://jakarta.apache.org/commons/releases/release.html
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Dennis Lundberg
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
