23 Aug
2011
23 Aug
'11
2:18 a.m.
On Mon, Aug 22, 2011 at 12:30 PM, Sergiu Dumitriu <sergiu(a)xwiki.com> wrote:
--
Sergiu Dumitriu
http://purl.org/net/sergiu/
On 08/15/2011 12:04 PM, Caleb James DeLisle wrote:
Found this:
http://lists.gnupg.org/pipermail/gnupg-users/2010-July/039112.html
On 08/15/2011 11:42 AM, Sergiu Dumitriu wrote:
The problem with this is that the GPG signing is supposed to happen during
mvn release:perform, which happens on the agent machine.
There are two options:
- temporarily install the personal private key on the server
- release from the local computer
Is there a way to tunnel the GPG signing to the local computer?
On 08/15/2011 11:19 AM, Vincent Massol wrote:
+1
I really don't like the "one key on the release box" idea.
IMO each release manager should sign with their key which ofc never leaves
their own computer.
Hi,
I think we should start signing our artifacts using PGP as explained
here:
https://docs.sonatype.org/**display/Repository/How+To+**
Generate+PGP+Signatures+With+**Maven<https://docs.sonatype.org/display/R…
Here's my +1
+1.
Do we use only one key, installed on the release machine? It should be
protected by a strong passphrase.
>
>> Thanks
>> -Vincent
>>
>> PS: I we agree I can commit the changes required to our top level POM to
>> implement this (I have them locally already)
>>
>
> PS2: When's the release user ready on one of the new agents?
>
>
--
Sergiu Dumitriu
http://purl.org/net/sergiu/