Hi,
yes, I know how I can sign JARs/NBMs, the point is: This was not
necessary for multiple NetBeans releases. I'm missing the explanation
why something, that was fine for at least 5, releases is now a problem.
That communication did not happen and was not discussed here.
Greetings
Matthias
Am Montag, dem 30.01.2023 um 17:00 -0300 schrieb Moacir da Roza:
> I believe they need to be signed with a key included on keystore
>
> *1-* Use java key tool:
>
> keytool -genkey -keyalg RSA -alias my-key-alias-key -keystore keystore.jks
> -validity 365
>
>
> *2-* Include on pom.xml
> <plugin>
> <groupId>org.apache.netbeans.utilities</groupId>
> <artifactId>nbm-maven-plugin</artifactId>
> <version>4.7</version>
> <extensions>true</extensions>
> <configuration>
>
> <netbeansInstallation>${netbeansInstalationPath}</netbeansInstallation> -->
> <keystore>${basedir}/keystore.jks</keystore>
> <keystorepassword>${keypass}</keystorepassword>
> <keystorealias>my-key-alias-key</keystorealias>
>
> </configuration>
> </plugin>
> ....
>
> Em seg., 30 de jan. de 2023 às 15:03, Matthias Bläsing
> <mblaes...@doppel-helix.eu.invalid> escreveu:
>
> > Hi,
> >
> > I asked for reverification of three plugins. These plugins:
> >
> > - PlantUML-NB
> > - LDIF Editor
> > - LDAP Explorer
> >
> > are verified for NB 11.0/12.0 till NB 16 version. Nothing was changed
> > on the plugins for 17 and now the plugins are not good enough anymore.
> > So what is going on?
> >
> > They are rejected, because they are not signed, fine, but then why is
> > that an issue? The signatures gain you nothing as there is no trust
> > anchor, we don't distribute blocked author certificates and the
> > download from plugin portal is protected by the checksums.
> >
> > This is bogus, so what changed and why was this not communicated? I
> > assume, that I was not the only one suprised by this. What is more, I'd
> > need to do a full release cycle without any code changes, without any
> > benefit.
> >
> > Greetings
> >
> > Matthias
> >
> > PS: Jiří I added you to direct CC as I'm not sure how closely you
> > monitor dev@
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org
> > For additional commands, e-mail: dev-h...@netbeans.apache.org
> >
> > For further information about the NetBeans mailing lists, visit:
> > https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
> >
> >
> >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org
For additional commands, e-mail: dev-h...@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
