Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[cross-project-issues-dev] Change in signing plug-in results in repository changes

In Linux Tools, we have switched over to use the eclipse-jarsigner-plugin instead of eclipse-signing-maven-plugin.

We have noted that in past builds, we ended up getting a top-level META-INF directory with signing info for artifacts.jar when we used the old eclipse-signing-maven-plugin.

Is this an issue? Does anything use this info to verify that artifacts.jar is not tampered with?

-- Jeff J.

Back to the top