ppkarwasz commented on PR #422: URL: https://github.com/apache/commons-release-plugin/pull/422#issuecomment-4252120106
In https://github.com/apache/commons-release-plugin/pull/422/commits/16f776f54baa725884d8af5b338dc42d5569bf39 I added support for DSSE envelope signing, which leverages the functionality of the GPG Maven plugin to sign the attestation with GPG and wrap both the payload and signature in a single file.

A lot of it is vibe-coded, mostly reviewed, but it needs a thorough review, especially on the documentation side.

If this helps, I could split this PR into three parts:

- the Jackson models for the data,
- the generation of attestations without signing,
- the signing feature.

What do you think?
