Hi,
I think Matthias Bläsing (correct me if I’m wrong) knows how to sign, but the
question here is why do we need to sign plugins that were already verified for
earlier NetBeans versions, what changed in NetBeans 17 that we need the signing
now?
I did get the same response for my plugins and I just signed them, but I was
wondering why this is needed now as well.
I thought I might missed something here and therefore just signed my plugins
and did a new release.
Kind regards,
Fabian
> Am 30.01.2023 um 21:09 schrieb Moacir da Roza <moaci...@gmail.com>:
>
> Hi a more detailed explanation, believe they need to be signed with a key
> included on keystore a more.
>
> *1-* Use java key tool on command line
>
> keytool -genkey -keyalg RSA -alias *my-key-alias-key* -keystore
> *keystore.jks* -validity 365
> Answer all question and password.
>
> *2-* Include on pom.xml
> <plugin>
> <groupId>org.apache.netbeans.utilities</groupId>
> <artifactId>nbm-maven-plugin</artifactId>
> <version>4.7</version>
> <extensions>true</extensions>
> <configuration>
> <author>Moacir da Roza flores-moaci...@gmail.com
> </author>
> <licenseName>GNU GENERAL PUBLIC LICENSE
> 3.0</licenseName>
> <licenseFile>LICENSE</licenseFile>
>
> * <keystore>${basedir}/keystore.jks</keystore>*
> <!- is more safe don't use a password hardcoded, so use a variable -->
>
> * <keystorepassword>${keypass}</keystorepassword>
> <keystorealias>my-key-alias-key</keystorealias> *
>
> </configuration>
> </plugin>
>
> *3- *Now build passing the password
> *mvn -Dkeypass=password nbm:nbm*
>
>
>
>
>
> Em seg., 30 de jan. de 2023 às 17:00, Moacir da Roza <moaci...@gmail.com>
> escreveu:
>
>> I believe they need to be signed with a key included on keystore
>>
>> *1-* Use java key tool:
>>
>> keytool -genkey -keyalg RSA -alias my-key-alias-key -keystore keystore.jks
>> -validity 365
>>
>>
>> *2-* Include on pom.xml
>> <plugin>
>> <groupId>org.apache.netbeans.utilities</groupId>
>> <artifactId>nbm-maven-plugin</artifactId>
>> <version>4.7</version>
>> <extensions>true</extensions>
>> <configuration>
>>
>> <netbeansInstallation>${netbeansInstalationPath}</netbeansInstallation> -->
>> <keystore>${basedir}/keystore.jks</keystore>
>> <keystorepassword>${keypass}</keystorepassword>
>> <keystorealias>my-key-alias-key</keystorealias>
>>
>> </configuration>
>> </plugin>
>> ....
>>
>> Em seg., 30 de jan. de 2023 às 15:03, Matthias Bläsing
>> <mblaes...@doppel-helix.eu.invalid> escreveu:
>>
>>> Hi,
>>>
>>> I asked for reverification of three plugins. These plugins:
>>>
>>> - PlantUML-NB
>>> - LDIF Editor
>>> - LDAP Explorer
>>>
>>> are verified for NB 11.0/12.0 till NB 16 version. Nothing was changed
>>> on the plugins for 17 and now the plugins are not good enough anymore.
>>> So what is going on?
>>>
>>> They are rejected, because they are not signed, fine, but then why is
>>> that an issue? The signatures gain you nothing as there is no trust
>>> anchor, we don't distribute blocked author certificates and the
>>> download from plugin portal is protected by the checksums.
>>>
>>> This is bogus, so what changed and why was this not communicated? I
>>> assume, that I was not the only one suprised by this. What is more, I'd
>>> need to do a full release cycle without any code changes, without any
>>> benefit.
>>>
>>> Greetings
>>>
>>> Matthias
>>>
>>> PS: Jiří I added you to direct CC as I'm not sure how closely you
>>> monitor dev@
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org
>>> For additional commands, e-mail: dev-h...@netbeans.apache.org
>>>
>>> For further information about the NetBeans mailing lists, visit:
>>> https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
>>>
>>>
>>>
>>>
>>
>> --
>> Moacir R.F
>> Desenvolvedor de Softwares
>>
>> https://www.moacirrf.com.br <http://www.moacirrf.com.br>
>>
>
>
> --
> Moacir R.F
> Desenvolvedor de Softwares
>
> https://www.moacirrf.com.br <http://www.moacirrf.com.br>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org
For additional commands, e-mail: dev-h...@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
