[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [cross-project-issues-dev] RAP is Contributing Unsigned Content
|
FYI,
Thanks to Markus Knauer's speedy handling, this problem is fixed and the
2022-09 staging repo already includes the fix, which I've verified via
this report:
https://download.eclipse.org/oomph/archive/reports-extra/staging-2022-09/download.eclipse.org/staging/2022-09
So we look to be in good shape for completion tomorrow.
One word of caution, if you are including content from the platform in
your own p2 repository (as is the case for RAP) you should use a recent
version of Tycho, e.g., 2.7.5 to ensure that PGP signatures and keys are
propagated from the originating repository to your target repository.
Regards,
Ed
On 05.09.2022 20:28, Ed Merks wrote:
FYI,
I noticed today that RAP is contributing unsigned content:
https://github.com/eclipse-rap/org.eclipse.rap/issues/50
This slipped through the testing/reporting because in the platform
4.25 repo, the artifact is PGP signed, but in the RAP repo it is not.
The reporting process gathers information from all the repos and it
finds PGP signed one first; that one then looks fine. The aggregator
picks up the one without the PGP signature, at least for
org.apache.commons.commons-io.
I'll try find if I can improve that in the aggregator, pick the
artifact that is PGP signed, but of course ideally RAP fixes this for
RC2 in their own repository.
Regards,
Ed