The pom files still MUST be signed. Even if they are generated, they are an important part of the distributed artifacts and thus must be signed. Basically, if I download a pom file, I need to able to be sure it is the CORRECT pom file and not a hacked version.
Dan On Tuesday November 21 2006 1:52 pm, Dan Diephouse wrote: > It seems that we can get by without having this in the header for the > moment (see the incubator thread). I'm going to start a vote shortly. > > - Dan > > Daniel Kulp wrote: > >On Monday November 20 2006 10:14 am, Bozhong Lin wrote: > >>signing for all those pom or maven-metadata.xml files should be no > >>problem. But those pom files are generated by maven during deploy > >>process, I am not sure we need to add Apache License Header, and how > >>can we add. > > > >The one for the top level (just cxf/2.0-incubator-M1) did retain the > >header. Thus, somehow, the release plugin is OK with it if the > > source is in some form or other. > > > >You may need to ask about it on the maven list. (or #maven on > >irc.codehaus.org) > > > >I wonder if putting the comment inside the <project> tag instead of > > before it would allow it to keep it. Something needs to be done. > > The ServiceMix vot on general@ was just flagged for it. > > > >Dan > > > >>Cheers, > >>Bo > >> > >>Daniel Kulp wrote: > >>>Bo, > >>> > >>>The pom files also need to be signed. I don't think the > >>>maven-metadata.xml files need to be, but it wouldn't hurt to do so. > >>>Thus, I would sign them as well. > >>> > >>>Also, a lot of the pom files don't have the proper Apache Licence > >>>header. That definitely needs to be fixed. > >>> > >>>Dan > >>> > >>>On Monday November 20 2006 9:54 am, Bozhong Lin wrote: > >>>>The new votable build has been uploaded here [1] again, hope this > >>>>time it will be really "votable", and I can go home for some sleep > >>>>now. :-) > >>>> > >>>>Cheers, > >>>>Bo > >>>> > >>>>[1] http://people.apache.org/~blin/ > >>>> > >>>>Bozhong Lin wrote: > >>>>>Looks like we got some more commits today for minor fixes (readme > >>>>>updates, bin scripts fixes, etc) and one major fix for Eclipse > >>>>>Tooling project. To ensure that every committer is happy about the > >>>>>votable build, I am going to cut another build right now. Please > >>>>> do NOT commit new code in the next two hours. If you need to > >>>>> commit any critical or major fixes, please let me know on IRC > >>>>> channel. > >>>>> > >>>>>Cheers, > >>>>>Bo > >>>>> > >>>>>Bozhong Lin wrote: > >>>>>>To avoid confusion of what are actual released artifacts, I > >>>>>>adjusted the uploaded directory a little bit. Accessing here [1] > >>>>>>should give you a more clear picture about release. > >>>>>> > >>>>>>Cheers, > >>>>>>Bo > >>>>>>[1] > http://people.apache.org/~blin/ > >>>>>> > >>>>>>Bozhong Lin wrote: > >>>>>>>Hi all, > >>>>>>> > >>>>>>>A votable build has been created and upload here [1]. It is > >>>>>>> great that the build includes all the minor issues addressed > >>>>>>> and also includes https demo and sequencetest fixes at final > >>>>>>> moment. > >>>>>>> > >>>>>>>The new version for next development iteration is now > >>>>>>>"2.0-incubator-RC-SNAPSHOT". > >>>>>>> > >>>>>>>Cheers, > >>>>>>>Bo > >>>>>>>[1] > >>>>>>>http://people.apache.org/~blin/incubator-cxf-2.0-M1/org/apache/c > >>>>>>>x f/ > >>>>>>> > >>>>>>>Bozhong Lin wrote: -- J. Daniel Kulp Principal Engineer IONA P: 781-902-8727 C: 508-380-7194 F:781-902-8001 [EMAIL PROTECTED]
