William A. Rowe Jr. wrote: > What I'd like to understand is if sending that built jar to a service, and > receiving > a signed jar back, is a hardship. I can imagine projects where there are > dozens of > jars to sign (commons comes to mind) where this would be difficult. What's > the > situation at the pivot project?
Jars are generally released one at a time, so besides an initial rush to get the latest releases signed, I doubt this would be too much of a problem. In maven-land, releases are completely automated with the maven-release-plugin, I would imagine jarsigning would just become an additional plugin tied into the release process. Regards, Graham --
