2013/5/14 Andrew Phillips <[email protected]>: > Quoting Olivier Lamy <[email protected]>: > >> Hi, >> You say ".... staging/releases ...". >> Really ? >> You want to share a gpg key which can sign official Apache release in >> an external system where you don't have any control on who has access >> and read files ? > > > I don't think that was the plan. Signed releases have not been produced on > external systems so far, either. > > As Andrew B's question pointed out, we would only need to look at a solution > for this if *snapshots* are also expected to be signed. Is that the case?
Nope no need of sign snapshots that's not official release. > > We haven't been signing them so far (see e.g. [1]), hence have not run into > this problem yet... > > Thanks! > > ap > > [1] > https://oss.sonatype.org/content/repositories/snapshots/org/jclouds/jclouds-project/1.7.0-SNAPSHOT/ -- Olivier Lamy Ecetera: http://ecetera.com.au http://twitter.com/olamy | http://linkedin.com/in/olamy
