Hi all,
Excuse my confusion regarding this.
So what we need is to sign the NBMs using our PGP keys, right?
I mean, use our PGP keys for release builds and using some other PGP
keys for development builds,.
Thanks,
Antonio
El 10/11/19 a las 14:16, Jaroslav Tulach escribió:
Can’t we chan
Can’t we change/enhance the way we do signing?
1. If there is an .asc file next to the .nbm one, then use it to verify the
NBM. Search https://www.apache.org/dist/netbeans/KEYS to get list of approved
keys. Display trusted, if .asc file is OK.
2. If the NBM comes from Maven central, but isn’t
