Hello Brett, I am surprised by the concept of making a listener write the signature. Since the listener is working (I believe) on the build machine end and not on the repository end, there must be a mechanism to add the signature files to the list of files to transfer ? Does the listener "know" which files to sign (you probably want to sign jars, wars, zip, tgz and bz2 files, but not the md5 and sha1 files) ? Also where would you tell maven to attach this listener to the upload process ? in POM files ? or code it in different wagon providers ?
Concerning the web site of openpgp, I will rephrase the text to say that there is work in progress in wagon-openpgp. Regards, Antoine -------- Original-Nachricht -------- Datum: Tue, 31 Oct 2006 06:26:48 +1100 Von: Brett Porter <[EMAIL PROTECTED]> An: "Maven Developers List" <dev@maven.apache.org> Betreff: Re: [sandbox-openpgp] does maven really already use openpgp ? > I think it was true when I wrote it, but without proper integration I > didn't commit the changes to trunk as it would have been too disruptive. > > Still, wagon-openpgp does exist and between that and commons-openpgp > that's most of the work. > > http://svn.apache.org/repos/asf/maven/wagon/trunk/wagon-openpgp/src/ > main/java/org/apache/maven/wagon/openpgp/ > > See also: > http://docs.codehaus.org/display/MAVEN/Repository+Security+Improvements > > - Brett > > On 31/10/2006, at 4:41 AM, Antoine Levy-Lambert wrote: > > > Hi, > > > > I just read this on the web site of openpgp : > > > > http://jakarta.apache.org/commons/sandbox/openpgp/ > > > > "Currently, Maven uses it in its development version to sign > > libraries released to the repository." > > > > Is this true ? Is there a mojo which does it ? In which codebase is > > this mojo ? > > > > Regards, > > > > Antoine > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
