Details

    • Type: Wish Wish
    • Status: Closed Closed
    • Resolution: Fixed
    • Labels:
      None

      Description

      "org.jitr","mavensync@web.sourceforge.net:/home/groups/j/ji/jitr/htdocs/repositories/release","rsync_ssh","Josh Devins","joshdevins@jitr.org",,

        Activity

        Hide
        brianfox brianfox added a comment -
        Please paste a link where i can view the repository contents, and make sure the artifacts are signed properly:
        See here for details on how it should be done:
        http://maven.apache.org/developers/release/releasing.html
        Show
        brianfox brianfox added a comment - Please paste a link where i can view the repository contents, and make sure the artifacts are signed properly: See here for details on how it should be done: http://maven.apache.org/developers/release/releasing.html
        brianfox brianfox made changes -
        Field Original Value New Value
        Assignee Brian Fox [ brianfox ]
        Hide
        Josh Devins added a comment - - edited
        http://www.jitr.org/repositories/release

        I have followed the instructions from: http://maven.apache.org/guides/mini/guide-central-repository-upload.html These make no mention of needing to sign the artifacts. The link you provided is for Maven developers, isn't it? I have other projects being rsync'd and this is not needed either. I suppose this is a new effort for security...

        Since I have already released the artifacts, is there a way to sign the existing ones already in the repo?

        Many thanks.
        Show
        Josh Devins added a comment - - edited http://www.jitr.org/repositories/release I have followed the instructions from: http://maven.apache.org/guides/mini/guide-central-repository-upload.html These make no mention of needing to sign the artifacts. The link you provided is for Maven developers, isn't it? I have other projects being rsync'd and this is not needed either. I suppose this is a new effort for security... Since I have already released the artifacts, is there a way to sign the existing ones already in the repo? Many thanks.
        Hide
        Josh Devins added a comment -
        "org.jitr","mavensync@web.sourceforge.net:/home/groups/j/ji/jitr/htdocs/repositories/release","rsync_ssh","Josh Devins","info@joshdevins.net",,

        New email address, jitr.org address is not working yet.
        Show
        Josh Devins added a comment - "org.jitr"," mavensync@web.sourceforge.net :/home/groups/j/ji/jitr/htdocs/repositories/release","rsync_ssh","Josh Devins"," info@joshdevins.net ",, New email address, jitr.org address is not working yet.
        Hide
        brianfox brianfox added a comment -
        We are trying to get more strict about artifacts in central, and making sure everything is signed provides more security for users that artifacts haven't been tampered with. You should be able to script a way to sign all the files, something like:
        find . | xargs -L1 -iFILE gpg --clearsign FILE
        Show
        brianfox brianfox added a comment - We are trying to get more strict about artifacts in central, and making sure everything is signed provides more security for users that artifacts haven't been tampered with. You should be able to script a way to sign all the files, something like: find . | xargs -L1 -iFILE gpg --clearsign FILE
        Hide
        Josh Devins added a comment -
        Done. Every file in /home/groups/j/ji/jitr/htdocs/repositories/release has been signed.
        Show
        Josh Devins added a comment - Done. Every file in /home/groups/j/ji/jitr/htdocs/repositories/release has been signed.
        Carlos Sanchez made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Fixed [ 1 ]
        Assignee Brian Fox [ brianfox ] Carlos Sanchez [ carlos ]

          People

          • Assignee:
            Carlos Sanchez
            Reporter:
            Josh Devins
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: