Can I suggest that a phase in the default lifecycle be added after
packaging for signing (somewhere). It can have no default binding
plugin (such as integration-test) but if it's there, it's easier to
hook in things at the correct time.
Or a pre-package and post-package phase which would amount to the same
thing, and be probably more appropriate.
Or pre-package, package, post-package, package-sign. Why not go for
broke and have a fairly articulated full lifecycle. :)
Christian.
On 11-Jul-08, at 12:42 , Brett Porter wrote:
Hi,
I've wanted to pick up my work on this for some time and was prodded
by the [EMAIL PROTECTED] threads to take another crack at this.
http://docs.codehaus.org/display/MAVEN/Repository+Security (the
issue and related branches are linked)
I've created a couple of branches to try integrating the work again
in as simple and non-intrusive manner (both in code and to the user)
as possible. I already have commons-openpgp in the sandbox from some
time ago to deal with processing the signatures (it doesn't have any
external dependencies other than bouncy castle), so I'll integrate
that.
If anyone else wants to offer feedback or dive in, you're more than
welcome!
Cheers,
Brett
--
Brett Porter
[EMAIL PROTECTED]
http://blogs.exist.com/bporter/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
