[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [eclipse.org-architecture-council] Is jar signing mandatory?
|
+1!DaniFrom:
Mike
Milinkovich <mike.milinkovich@xxxxxxxxxxxxxxxxxxxxxx>To:
eclipse.org-architecture-council@xxxxxxxxxxxDate:
17.03.2020
23:07Subject:
[EXTERNAL]
Re: [eclipse.org-architecture-council] Is jar signing mandatory?Sent
by: eclipse.org-architecture-council-bounces@xxxxxxxxxxx
On 2020-03-17 5:54 p.m., Mickael Istria
wrote:2. this is not mandatory for projects,
ie as long as no contributor in a project cares about such certificate
of origin enough to contribute the build routine to produce them in the
project, I see no point in making this mandatory to other project contributors.I disagree, because the output from Eclipse
projects is a reflection on all of us. If a major and public security kerfuffle
occurred because of a project who decided that they did not want to sign
a release artifact that could be signed, it would reflect badly on our
entire community. -- Mike
Milinkovich
Executive
Director | Eclipse Foundation, Inc.
mike.milinkovich@xxxxxxxxxxxxxxxxxxxxxx
@mmilinkov
+1.613.220.3223
(m)_______________________________________________
eclipse.org-architecture-council mailing list
eclipse.org-architecture-council@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/eclipse.org-architecture-council