[
https://jira.codehaus.org/browse/MSHADE-90?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=272274#comment-272274
]
Robert Burrell Donkin commented on MSHADE-90:
---------------------------------------------
I had a think about whether turning on transformers by default would be a good
idea (or not) but (on reflection) I agree with you that it's not.
Yes, in terms of implementation then IMHO it would clearer to share the logic
but not include a transformer by default.
(If I understand correctly) "I don't see off-hand how to make a transformer log
or otherwise communicate. Do you?"
IIUY the point is that Transformers are (well) supposed to transform stuff, not
verify. It's possible to use a Transformer then just throw an Exception but
going forward, a separate verification would probably be better.
> Warn or error for signature files
> ---------------------------------
>
> Key: MSHADE-90
> URL: https://jira.codehaus.org/browse/MSHADE-90
> Project: Maven 2.x Shade Plugin
> Issue Type: Improvement
> Affects Versions: 1.4
> Reporter: Benson Margulies
>
> If you shade a signed jar, the .SF files travel into the shaded jar. And then
> signature verification fails, and everyone gets consternated.
> It seems to me that shade should, by default, error when it hits one of
> these, and have a configuration option to strip them out.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
