Re: [eclipse.org-architecture-council] Is jar signing mandatory?
On 2020-03-17 5:54 p.m., Mickael Istria wrote:

> 2. this is not mandatory for projects,
> ie as long as no contributor in a project cares about such certificate
> of origin enough to contribute the build routine to produce them in the
> project, I see no point in making this mandatory to other project contributors.

I disagree, because the output from Eclipse
projects is a reflection on all of us. If a major and public security kerfuffle
occurred because of a project who decided that they did not want to sign
a release artifact that could be signed, it would reflect badly on our
entire community.

--
Director | Eclipse Foundation, Inc.
eclipse.org-architecture-council mailing list
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/eclipse.org-architecture-council