Hi, On Dec 10, 2007, at 8:17 AM, Carsten Ziegeler wrote:
We can use maven to build the distribution, maven is also able to directly sign the release etc.
Please refer to http://wiki.apache.org/jdo/KeysAtApache?highlight=% 28key%29%7C%28signing%29 for key information.
I think we need some additionalinformation in our pom for this (I have to look at the maven docs for this).The release should be signed, so people can download the release and verify the signature.
The maven plugin helps but doesn't replace the need to understand what keys are and how they work.
Anyone who will cut the release needs to have a release-signing key. While in the incubator, it's not a requirement that the key be signed by others, but afterwards the release manager really should have the key signed.
Craig Craig Russell Architect, Sun Java Enterprise System http://java.sun.com/products/jdo 408 276-5638 mailto:[EMAIL PROTECTED] P.S. A good JDO? O, Gasp!
smime.p7s
Description: S/MIME cryptographic signature
