Re: [all] Preventing assembly archives from being deployed to nexus.

On 3 December 2017 at 01:32, Rob Tompkins wrote: > > >> On Dec 2, 2017, at 4:42 PM, Charles Honton wrote: >> >> I’ve been down this path about a year ago. We’re relying on the side effect >> of these assemblies being artifacts for the GPG plugin to sign

Re: [all] Preventing assembly archives from being deployed to nexus.

> On Dec 2, 2017, at 4:42 PM, Charles Honton wrote: > > I’ve been down this path about a year ago. We’re relying on the side effect > of these assemblies being artifacts for the GPG plugin to sign them. There > is an outstanding JIRA

Re: [all] Preventing assembly archives from being deployed to nexus.

I mean from here: MD5 is a base requirement like the GPG signature is. Additional sha hashes are useful, though. I usually generate SHA-256 or SHA-512 with a release if I'm handling it manually. On 2 December 2017 at 17:50, Gary Gregory

Re: [all] Preventing assembly archives from being deployed to nexus.

MD5 is just a kind of hash, as is SHA-1. SHA-512 should reduces the odds of collisions. IMO what matters is that we provide a hash for each file. Gary On Sat, Dec 2, 2017 at 4:26 PM, Matt Sicker wrote: > I thought md5 files were required? Unless that's project-specific (or

Re: [all] Preventing assembly archives from being deployed to nexus.

I thought md5 files were required? Unless that's project-specific (or Maven Central required?). On 2 December 2017 at 17:07, Gary Gregory wrote: > On Sat, Dec 2, 2017 at 3:51 PM, Rob Tompkins wrote: > > > > > > > > On Dec 2, 2017, at 4:22 PM, Gary

Re: [all] Preventing assembly archives from being deployed to nexus.

On Sat, Dec 2, 2017 at 3:51 PM, Rob Tompkins wrote: > > > > On Dec 2, 2017, at 4:22 PM, Gary Gregory wrote: > > > > Hi Rob, > > > > Note that for Commons Daemon we do want to deploy the bin zip that > contains > > the Windows DLL/EXEs. > > Indeed,

Re: [all] Preventing assembly archives from being deployed to nexus.

> On Dec 2, 2017, at 4:22 PM, Gary Gregory wrote: > > Hi Rob, > > Note that for Commons Daemon we do want to deploy the bin zip that contains > the Windows DLL/EXEs. Indeed, this would need to be done at a component level to accommodate just that. But, with Chas’

Re: [all] Preventing assembly archives from being deployed to nexus.

I’ve been down this path about a year ago. We’re relying on the side effect of these assemblies being artifacts for the GPG plugin to sign them. There is an outstanding JIRA (https://issues.apache.org/jira/browse/MGPG-43 ) to support signing

Re: [all] Preventing assembly archives from being deployed to nexus.

Hi Rob, Note that for Commons Daemon we do want to deploy the bin zip that contains the Windows DLL/EXEs. Some folks, like me, depend on it in order to include the Windows EXE/DLLs in builds. Gary On Sat, Dec 2, 2017 at 2:06 PM, Rob Tompkins wrote: > Hello all, > > In my

[all] Preventing assembly archives from being deployed to nexus.

Hello all, In my work on the [build-plugin], I’ve come across the following mechanism to prevent the [maven-assembly-plugin] from deploying the artifacts to nexus. If in the configuration section of the plugin, you put “false” the archives that the [maven-assembly-plugin] creates will not get