Hi Jody and all, Regarding the GPG signing of jars, for releases I think this would usually be done en masse when you are submitting the release to sonatype for checking and publishing - at least that's how I've done it with little projects. So whoever is building the jars would normally be signing them, then deploying them to sonatype to be 'promoted' for publishing to central. I was imagining this would mean using a project-wide key / pass-phrase, or just getting whoever is driving the build for that release to use their own key for all jars.
Michael ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm _______________________________________________ Geotools-devel mailing list Geotools-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geotools-devel