[jakarta.ee-spec.committee] download.eclipse.org content is not signed,

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jakarta.ee-spec.committee] download.eclipse.org content is not signed, PGP signing still a question

From: Scott Stark <sstark@xxxxxxxxxx>
Date: Fri, 14 Jun 2019 00:00:42 -0700
Delivered-to: jakarta.ee-spec.committee@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jakarta.ee-spec.committee>
List-help: <mailto:jakarta.ee-spec.committee-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jakarta.ee-spec.committee>, <mailto:jakarta.ee-spec.committee-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jakarta.ee-spec.committee>, <mailto:jakarta.ee-spec.committee-request@eclipse.org?subject=unsubscribe>

So I was looking at the current TCK content on download.eclipse.org under:

https://download.eclipse.org/ee4j/jakartaee-tck/8.0.1/

And I see that none of the uploaded binaries have a PGP signature included.

So in going through the https://wiki.eclipse.org/IT_Infrastructure_Doc#Web_service GPG section, it indicates that each project has its own GPG keypair for use with its JIPP builds. We are therefore back to needing a Jakarta EE GPG key pair that could be used by any Jakarta EE build to sign its artifacts. I have updated the bug with a comment to this effect:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=547635

Prev by Date: [jakarta.ee-spec.committee] Certification Verification Form
Next by Date: [jakarta.ee-spec.committee] TCK challenge issue template
Previous by thread: [jakarta.ee-spec.committee] Certification Verification Form
Next by thread: [jakarta.ee-spec.committee] TCK challenge issue template
Index(es):
- Date
- Thread

Breadcrumbs