In Linux Tools, we have switched over to use the
eclipse-jarsigner-plugin instead of eclipse-signing-maven-plugin.
We have noted that in past builds, we ended up getting a top-level
META-INF directory with signing info for artifacts.jar when we used the
old eclipse-signing-maven-plugin.
Is this an issue? Does anything use this info to verify that
artifacts.jar is not tampered with?
-- Jeff J.
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@eclipse.org
https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev
