The current signing mechanism actually works quite well and I had no
intention of changing that at this stage. I haven't seen any issues
with this, and adding such fine grained lifecycle stages would soon
get out of control (and frequent arguments as to the correct order).
If it were to be more built in, I would suggest making it a part of
<distributionManagement> and the deployment mechanism if anything, but
really the current plugin works fine for that.
Cheers,
Brett
On 12/07/2008, at 2:47 AM, Christian Edward Gruber wrote:
Can I suggest that a phase in the default lifecycle be added after
packaging for signing (somewhere). It can have no default binding
plugin (such as integration-test) but if it's there, it's easier to
hook in things at the correct time.
Or a pre-package and post-package phase which would amount to the
same thing, and be probably more appropriate.
Or pre-package, package, post-package, package-sign. Why not go for
broke and have a fairly articulated full lifecycle. :)
Christian.
On 11-Jul-08, at 12:42 , Brett Porter wrote:
Hi,
I've wanted to pick up my work on this for some time and was
prodded by the [EMAIL PROTECTED] threads to take another crack at
this.
http://docs.codehaus.org/display/MAVEN/Repository+Security (the
issue and related branches are linked)
I've created a couple of branches to try integrating the work again
in as simple and non-intrusive manner (both in code and to the
user) as possible. I already have commons-openpgp in the sandbox
from some time ago to deal with processing the signatures (it
doesn't have any external dependencies other than bouncy castle),
so I'll integrate that.
If anyone else wants to offer feedback or dive in, you're more than
welcome!
Cheers,
Brett
--
Brett Porter
[EMAIL PROTECTED]
http://blogs.exist.com/bporter/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Brett Porter
[EMAIL PROTECTED]
http://blogs.exist.com/bporter/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
