[
https://issues.apache.org/jira/browse/UIMA-2008?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12983898#action_12983898
]
Jukka Zitting commented on UIMA-2008:
-------------------------------------
We do something like this also in Jackrabbit and PDFBox. See for example the
apache-release profile configuration in
http://svn.apache.org/repos/asf/pdfbox/trunk/pom.xml. There we solve the lack
of MD5 and SHA1 signatures by using the <checksum> task with the antrun plugin.
> Don't attach large distribution artifacts for uima-as builds, but sign them
> for releasing
> -----------------------------------------------------------------------------------------
>
> Key: UIMA-2008
> URL: https://issues.apache.org/jira/browse/UIMA-2008
> Project: UIMA
> Issue Type: Improvement
> Components: Build, Packaging and Test
> Reporter: Marshall Schor
> Priority: Minor
>
> The build process for distributions builds large binary assembly artifacts;
> the build process at the top level under profile apache-release builds large
> source-release.zip files. These files, for the uima-as distribution, are
> made available after release on our download pages, and use the non-maven
> Apache distribution mirroring system.
> These files probably should not be "attached" in the maven sense for
> uploading to maven central upon release; they will just waste space.
> Change the build so these are not "attached". Find another way to get these
> unattached things "signed" (currently done in the deploy step). One way is
> to use maven antrun plugin to do an ant exec of the gpg command on the
> artifact; there may be other ways.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
