| Re: [platform-dev] Unsigned Content? |
Hi Ed, I assume this is result of changes in this bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=577522 Am 17. Dezember 2021 07:01:39 MEZ schrieb Ed Merks <ed.merks@xxxxxxxxx>: >Has the platform decided to bypass Orbit to produce IUs directly from >some other sources? I'm not sure how the multiple versions of such IUs >on the release train will be (or even can be) coordinated across >projects if the general new approach is that each project produces such >things purely for its own purpose from whatever sources it deems fit. > >Also, the artifacts are not signed, which is the reason that I noticed: > >https://download.eclipse.org/oomph/archive/reports/download.eclipse.org/eclipse/updates/4.23-I-builds/index.html > >Note that once an unsigned version of some specific artifact ID is out >there is the wild (in someone's bundle pool), it's extremely hard to >stamp it out unless a new version with a new artifact ID is created to >supersede it. > >Perhaps the platform has decided that PGP signatures are now deemed to >be fully secure and fully feature complete such that signatures are >obsolete? This is not the expectation I have based Planning Council >discussions. > >_______________________________________________ >platform-dev mailing list >platform-dev@xxxxxxxxxxx >To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/platform-dev -- Kind regards, Andrey Loskutov https://www.eclipse.org/user/aloskutov Спасение утопающих - дело рук самих утопающих