I see where you were coming from with the lifecycle now.
Do you also need to veryify them as part of the build process, or only
out of the repository itself?
Cheers,
Brett
On 12/07/2008, at 8:28 AM, Christian Edward Gruber wrote:
Nope. I'd have to check, but they're signatures which are then
zipped up with the code.
What I'm realizing is that this may actually be irrelevant, as their
whole packaging ends up different than a typical jar, and they have
index files and signatures against each .class file, and then the
whole is also signed. It's very convoluted and what we've been
doing in the mavenization effort is to un-jar (in a packaging
project) into a folder, do the various signatures, then sign the
collection, then zip it up, and that's the artifact from the
packaging project, as opposed to the original.
So never mind, they have an edge-case we're handling with post-
processing the whole artifact into a new artifact. I can't solve
their problem without a lot of convolution in one project, and the
new signing stuff won't really be relevant. (They're constrained by
an industry specification that includes this wierd signing protocol)
Christian.
On 11-Jul-08, at 13:59 , Brian E. Fox wrote:
Christian, what kind of files are produced with the sig? Are they
still
.asc?
--
Brett Porter
[EMAIL PROTECTED]
http://blogs.exist.com/bporter/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
