Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [] Is jar signing mandatory?



From:        Mike Milinkovich <mike.milinkovich@xxxxxxxxxxxxxxxxxxxxxx>
Date:        17.03.2020 23:07
Subject:        [EXTERNAL] Re: [] Is jar signing mandatory?
Sent by:

On 2020-03-17 5:54 p.m., Mickael Istria wrote:
2. this is not mandatory for projects, ie as long as no contributor in a project cares about such certificate of origin enough to contribute the build routine to produce them in the project, I see no point in making this mandatory to other project contributors.
I disagree, because the output from Eclipse projects is a reflection on all of us. If a major and public security kerfuffle occurred because of a project who decided that they did not want to sign a release artifact that could be signed, it would reflect badly on our entire community.

Mike Milinkovich

Executive Director | Eclipse Foundation, Inc.



+1.613.220.3223 (m)_______________________________________________ mailing list
To unsubscribe from this list, visit

Back to the top