Hi, yes, I know how I can sign JARs/NBMs, the point is: This was not necessary for multiple NetBeans releases. I'm missing the explanation why something, that was fine for at least 5, releases is now a problem.
That communication did not happen and was not discussed here. Greetings Matthias Am Montag, dem 30.01.2023 um 17:00 -0300 schrieb Moacir da Roza: > I believe they need to be signed with a key included on keystore > > *1-* Use java key tool: > > keytool -genkey -keyalg RSA -alias my-key-alias-key -keystore keystore.jks > -validity 365 > > > *2-* Include on pom.xml > <plugin> > <groupId>org.apache.netbeans.utilities</groupId> > <artifactId>nbm-maven-plugin</artifactId> > <version>4.7</version> > <extensions>true</extensions> > <configuration> > > <netbeansInstallation>${netbeansInstalationPath}</netbeansInstallation> --> > <keystore>${basedir}/keystore.jks</keystore> > <keystorepassword>${keypass}</keystorepassword> > <keystorealias>my-key-alias-key</keystorealias> > > </configuration> > </plugin> > .... > > Em seg., 30 de jan. de 2023 às 15:03, Matthias Bläsing > <mblaes...@doppel-helix.eu.invalid> escreveu: > > > Hi, > > > > I asked for reverification of three plugins. These plugins: > > > > - PlantUML-NB > > - LDIF Editor > > - LDAP Explorer > > > > are verified for NB 11.0/12.0 till NB 16 version. Nothing was changed > > on the plugins for 17 and now the plugins are not good enough anymore. > > So what is going on? > > > > They are rejected, because they are not signed, fine, but then why is > > that an issue? The signatures gain you nothing as there is no trust > > anchor, we don't distribute blocked author certificates and the > > download from plugin portal is protected by the checksums. > > > > This is bogus, so what changed and why was this not communicated? I > > assume, that I was not the only one suprised by this. What is more, I'd > > need to do a full release cycle without any code changes, without any > > benefit. > > > > Greetings > > > > Matthias > > > > PS: Jiří I added you to direct CC as I'm not sure how closely you > > monitor dev@ > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org > > For additional commands, e-mail: dev-h...@netbeans.apache.org > > > > For further information about the NetBeans mailing lists, visit: > > https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists > > > > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org For additional commands, e-mail: dev-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists