Beware that Eclipse P2 does not like self-signed certificates all that much.
[1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=340345

--
Regards,
Igor

On 11-08-31 10:42 AM, Benson Margulies wrote:
I've been helping Vincent & Hervé push Vincent's Eclipse plugins for Doxia file formats towards a release. I've got a tentative plan for code-signing and I felt that it should be exposed on the dev list.

Eclipse uses standard Java X.509 JAR signing. The Apache Directory project also distributes Eclipse plugins, and handles this as follows:

1) They use a self-signed X.509 signature. In my view, the way to do this consistent with Apache process is to have each person serving as RM on this stuff generate their own and check the public key into the tree.

2) They also attach the usual sort of PGP detached signature files to all the files that they distribute. We can't do this with Maven in this case, at least not very well.

I'm going to proceed down this line unless someone objects.

Note that the ASF infrastructure site has some web pages that suggest the existence of an X.509 CA, but I can't find any evidence so far that it is alive.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org