FYI... ---------- Forwarded message ---------- From: Daniel Kulp <[email protected]> Date: 2009/5/5 Subject: WARNING: Maven 2.1 and GPG plugin interaction problems..... To: Maven Developers List <[email protected]> Cc: [email protected]
This is just a warning that the Maven team has just discovered an interaction problem between Maven 2.1 and the maven-gpg-plugin that CAN result in the signatures for the installed/deployed poms being invalid. Signatures for the other artifacts (jars, wars, etc..) are unaffected and not all poms are affected. Thus, at this point, it's advisable to either use Maven 2.0.10 for releases or verify, check, and resign any affected poms. The Maven team is aware of the situation and is working on a fix. At this point, it's too early to determine if this will require changes to Maven 2.1.x or to the gpg plugin to fix this. However, we felt it was important to get the information out to the users as quickly as possible. -- Daniel Kulp [email protected] http://www.dankulp.com/blog -- Cheers, Stuart
signature.asc
Description: PGP signature
