Copy project signed asc files into enforcer's data area

Description

Over time we have accumulated a few jars into our public repository which have not been signed by the author.

Some of them have no signatures at all. The enforcer currently handles this by looking for ${basedir}/src/main/enforcer (where basedir is usually idp-distribution). I have signed these jars and put the asc file there as part of the "grandfathering" process.

Some have asc files of project members. This task is to copy those asc files into the enforcer data space.

Environment

None

Activity

Rod Widdowson, December 9, 2021 at 9:47 AM

All done

Rod Widdowson, November 7, 2021 at 1:49 PM

This is now done for antlr.

As noted in this case and discussed in Slack, duoweb is different because we need to host the jar, and the asc file can be co-located with that.

The duoweb issue raises an interesting option here.

If we are going to have to host jar files which are not in maven central in our own nexus, our repository no longer becomes “just for our artifacts”.

At this stage it becomes quite tempting to suggest that the other 13 asc files be moved from here to our repository (“What's good for the 3rd party jar file is good for the 3rd party jar.asc file”).

The explorer would of course “just work” and at our leisure we could strip these asc files from our git repo.


I’m going to assign this to Tom to think about.

Rod Widdowson, November 5, 2021 at 4:21 PM

It looks like this is “just” antlr.

duoweb isn’t in maven central so it needs to be dealt with differently (moving it to our non third party repo?)

Completed

Created November 5, 2021 at 4:20 PM
Updated December 9, 2021 at 9:47 AM
Resolved December 9, 2021 at 9:47 AM