On Wed, Aug 31, 2011 at 10:52 AM, Igor Fedorenko <i...@ifedorenko.com> wrote: > Beware that Eclipse P2 does not like self-signed certificates all that much.
Gah. That's a pretty good reason to punt and just do the detached PGP sigs to make the release police happy. Unless someone wants to help me convince the board to pay for a commercial cert and come up with a way to deploy it as they do at the Eclipse foundation. > > [1] https://bugs.eclipse.org/bugs/show_bug.cgi?id=340345 > > -- > Regards, > Igor > > On 11-08-31 10:42 AM, Benson Margulies wrote: >> >> I've been helping Vincent& Hervé push Vincent's Eclipse plugins for >> Doxia file formats towards a release. I've got a tentative plan for >> code-signing and I felt that it should be exposed on the dev list. >> >> Eclipse uses standard Java X.509 JAR signing. The Apache Directory >> project also distributes Eclipse plugins, and handles this as follows: >> >> 1) They use a self-signed X.509 signature. In my view, the way to do >> this consistent with Apache process is to have each person serving as >> RM on this stuff generate their own and check the public key into the >> tree. >> >> 2) They also attach the usual sort of PGP detached signature files to >> all the files that they distribute. We can't do this with Maven in >> this case, at least not very well. >> >> I'm going to proceed down this line unless someone objects. Note that >> the ASF infrastructure site has some web pages that suggest the >> existence of an X.509 CA, but I can't find any evidence so far that it >> is alive. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org >> For additional commands, e-mail: dev-h...@maven.apache.org >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
