Maven Upload Requests

Brian Fox added a comment - 06/Apr/09 10:02 AM Please paste a link where i can view the repository contents, and make sure the artifacts are signed properly: See here for details on how it should be done: http://maven.apache.org/developers/release/releasing.html

Josh Devins added a comment - 07/Apr/09 3:26 PM - edited http://www.jitr.org/repositories/release I have followed the instructions from: http://maven.apache.org/guides/mini/guide-central-repository-upload.html These make no mention of needing to sign the artifacts. The link you provided is for Maven developers, isn't it? I have other projects being rsync'd and this is not needed either. I suppose this is a new effort for security... Since I have already released the artifacts, is there a way to sign the existing ones already in the repo? Many thanks.

Josh Devins added a comment - 07/Apr/09 3:30 PM "org.jitr","mavensync@web.sourceforge.net:/home/groups/j/ji/jitr/htdocs/repositories/release","rsync_ssh","Josh Devins","info@joshdevins.net",, New email address, jitr.org address is not working yet.

Brian Fox added a comment - 07/Apr/09 4:21 PM We are trying to get more strict about artifacts in central, and making sure everything is signed provides more security for users that artifacts haven't been tampered with. You should be able to script a way to sign all the files, something like: find . | xargs -L1 -iFILE gpg --clearsign FILE

Josh Devins added a comment - 18/Apr/09 9:47 AM Done. Every file in /home/groups/j/ji/jitr/htdocs/repositories/release has been signed.