[ https://jira.codehaus.org/browse/MSHADE-90?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=272274#comment-272274 ]
Robert Burrell Donkin commented on MSHADE-90: --------------------------------------------- I had a think about whether turning on transformers by default would be a good idea (or not) but (on reflection) I agree with you that it's not. Yes, in terms of implementation then IMHO it would clearer to share the logic but not include a transformer by default. (If I understand correctly) "I don't see off-hand how to make a transformer log or otherwise communicate. Do you?" IIUY the point is that Transformers are (well) supposed to transform stuff, not verify. It's possible to use a Transformer then just throw an Exception but going forward, a separate verification would probably be better. > Warn or error for signature files > --------------------------------- > > Key: MSHADE-90 > URL: https://jira.codehaus.org/browse/MSHADE-90 > Project: Maven 2.x Shade Plugin > Issue Type: Improvement > Affects Versions: 1.4 > Reporter: Benson Margulies > > If you shade a signed jar, the .SF files travel into the shaded jar. And then > signature verification fails, and everyone gets consternated. > It seems to me that shade should, by default, error when it hits one of > these, and have a configuration option to strip them out. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira