Dirk,
As of the 2022-03 release, PGP signing is ready and approved for broader
adoption during the 2022-06 release cycle:
https://gitlab.eclipse.org/eclipse-wg/ide-wg/eclipseide.org/-/issues/11
On 05.04.2022 13:57, Dirk Fauth via cross-project-issues-dev wrote:
@Aleks
Maybe jetty is already signed correctly? How will be the process for
unsigned content?
Christoph Läubrich <lae...@laeubi-soft.de> schrieb am Di., 5. Apr.
2022, 13:54:
> When Maven Central is not OSGi artifact Orbit will be preferred.
I can only encourage everyone to open a ticket for such project
and help
them to include OSGi meta-data in the first place instead of
putting the
effort else-where, as adding those does not harm the project but
helps
integration it with just a few extra lines in the manifest.
Am 05.04.22 um 13:48 schrieb Aleksandar Kurtakov:
> Hey everyone,
> With PGP signing support, latest Tycho work and M2E extending
PDE so
> *.target files can refer/use dependencies from Maven Central
directly
> will prefer to use dependencies from Maven Central when updating
to new
> versions of libraries.
> This would be done only when we update to a new version of
libraries or
> the dependency we use is no longer available in the latest Orbit
build.
> When Maven Central is not OSGi artifact Orbit will be preferred.
> From releng POV it would simply remove the middle man
(Orbit/EBR) as
> Tycho automates what was achieved via EBR as an intermediate
step to be
> part of the regular build.
> Extra benefits are:
> * Eclipse will no longer ship modified version of upstream
release (PGP
> signature is in p2 metadata and not modifying the jar as
jarsigner does)
> * Eclipse will not longer ship bundles with symbolic names that
do not
> match upstream developers decision (as it happens with number of
Orbit
> artifacts)
> * Version updates could be done in chunks rather than all
changes at
> once to work with latest Orbit
>
> I strongly encourage other projects to take that path too for third
> party dependencies.
>
>
> --
> Aleksandar Kurtakov
> Red Hat Eclipse Team
>
> _______________________________________________
> cross-project-issues-dev mailing list
> cross-project-issues-dev@eclipse.org
> To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@eclipse.org
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@eclipse.org
To unsubscribe from this list,
visithttps://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@eclipse.org
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
