On Mon, 28 Oct 2019 at 19:00, Matthias Bläsing <[email protected]> wrote: > if I'm not mistaken, currently the NBMs we produce are not signed when > we release. This is what I suggest:
No, they're not. > - all updates will be signed with that key, as it is trusted, it can be > used to safely install updates How, or actually, where? That would still be a manual, local, job? It would be great if we could sign during the Jenkins build. Or does that just open another can of worms? The other option that comes to mind - Jan mentioned validating the GPG signatures - but would it be possible to just get the IDE to use our KEYS file as a source for validation? Best wishes, Neil --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
