[ https://issues.apache.org/jira/browse/UIMA-2008?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12983898#action_12983898 ]
Jukka Zitting commented on UIMA-2008: ------------------------------------- We do something like this also in Jackrabbit and PDFBox. See for example the apache-release profile configuration in http://svn.apache.org/repos/asf/pdfbox/trunk/pom.xml. There we solve the lack of MD5 and SHA1 signatures by using the <checksum> task with the antrun plugin. > Don't attach large distribution artifacts for uima-as builds, but sign them > for releasing > ----------------------------------------------------------------------------------------- > > Key: UIMA-2008 > URL: https://issues.apache.org/jira/browse/UIMA-2008 > Project: UIMA > Issue Type: Improvement > Components: Build, Packaging and Test > Reporter: Marshall Schor > Priority: Minor > > The build process for distributions builds large binary assembly artifacts; > the build process at the top level under profile apache-release builds large > source-release.zip files. These files, for the uima-as distribution, are > made available after release on our download pages, and use the non-maven > Apache distribution mirroring system. > These files probably should not be "attached" in the maven sense for > uploading to maven central upon release; they will just waste space. > Change the build so these are not "attached". Find another way to get these > unattached things "signed" (currently done in the deploy step). One way is > to use maven antrun plugin to do an ant exec of the gpg command on the > artifact; there may be other ways. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.