There is no context in this post...
Note that the train contents themselves should be signed, not just those
things actually used in the packages. Here's what happens when that's
not the case:
https://www.eclipse.org/forums/index.php/mv/msg/1106767/1837377/#msg_1837377
Such a problem is harder to diagnose when sometimes an artifact is
signed and something it's not signed but has the same IU/ID; you never
know from which artifact repo the artifact is resolved from and once
cached, an older local signed version will be used instead of a newer
unsigned remote version, so I might not even notice while testing or
running newer tests...
Also, I thought that in fact the Maven artifact was modified in order to
make it into a bundle. Or is it a new artifact that wraps the
unmodified Maven jar (jar in jar)? Or did I misunderstand the process
completely?
On 29.01.2021 15:37, Mickael Istria wrote:
This also prevents from shipping the PDE/Maven integration by default
in packages because it contains BND artifact (unmodified from Maven)
that is not signed with the Eclipse certificate.
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@eclipse.org
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@eclipse.org
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev