[
https://jira.codehaus.org/browse/MGPG-46?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dennis Lundberg updated MGPG-46:
--------------------------------
Attachment: MGPG-46.patch
Here is a proof of concept with a small IT for signing releases.
The implementation is based on Apache Commons OpenPGP, which is currently
unreleased and in the Commons Sandbox.
http://commons.apache.org/sandbox/commons-openpgp/
There are a number of limitations, some more severe than others:
* no support for using an agent
* no support for non-interactive mode
* no support for removing the default keyrings
* requires a passphrase
* requires that you specify the keyname
I think the last two are the most problematic.
IIRC during an ASF release when signing, Maven is forked and looses any command
line specified passphrase. I haven't looked into that yet.
Using the default key is probably a must as well. That'll need to be
implemented in Commons OpenPGP somehow.
Thoughts?
> Create a pure Java signer implementation
> -----------------------------------------
>
> Key: MGPG-46
> URL: https://jira.codehaus.org/browse/MGPG-46
> Project: Maven GPG Plugin
> Issue Type: New Feature
> Affects Versions: 1.4
> Reporter: Dennis Lundberg
> Attachments: MGPG-46.patch
>
>
> To make the plugin more portable it would be nice if we could have a signer
> that is implemented in pure Java. That way you wouldn't need to have GnuPG
> installed to use it, just the keyrings.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
