> But all these problems are gone if there is a P2 connector, right? :)
not really (even though I have not investigated in full details) as this
is more on the producing than on the consumer site and P2 sites are
usually packed as an own artifact than deployed to a folder/webserver
directly.
> In the first mail I explained the "fate" of m-gpg-p, it will possibly
> just "configure" things, and will not sign anything.
In the end one might just see it how it works out, but probably one
could have just an option to do
Path artifact = ...
Signature sig = myCoolNewSigningService.sign(artifact, 'pgp');
Probably just a dream... ;-)
Am 07.12.22 um 15:44 schrieb Tamás Cservenák:
On Wed, Dec 7, 2022 at 3:18 PM Christoph Läubrich <m...@laeubi-soft.de>
wrote:
Another point is that currently we reuse signatures attached by m-pgp-p
for embedding them in other meta-data as well (p2 repository) so if only
the deploy will generate the signature and do not make it accessible we
would need to generate the signature again.
But all these problems are gone if there is a P2 connector, right? :)
> so I guess a plugin could make use of signer as well...
I thought so because how would m-pgp-p make use of it then?
In the first mail I explained the "fate" of m-gpg-p, it will possibly just
"configure" things, and will not sign anything.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org
