15 Aug
2011
15 Aug
'11
6:04 p.m.
On 08/15/2011 11:42 AM, Sergiu Dumitriu wrote:
On 08/15/2011 11:19 AM, Vincent Massol wrote:
+1
I really don't like the "one key on the release box" idea.
IMO each release manager should sign with their key which ofc never leaves their own
computer.
Caleb
Hi,
I think we should start signing our artifacts using PGP as explained here:
https://docs.sonatype.org/display/Repository/How+To+Generate+PGP+Signatures…
Here's my +1
+1.
Do we use only one key, installed on the release machine? It should be
protected by a strong passphrase.
Thanks
-Vincent
PS: I we agree I can commit the changes required to our top level POM to implement this
(I have them locally already)
PS2: When's the release user ready on one of the new agents?