eclipselink icon indicating copy to clipboard operation
eclipselink copied to clipboard

Published 20 hours ago verified publisher icon eclipse-ee4j

Published artifacts should not be jarsigned

Open lukasj opened this issue 6 years ago • 2 comments

Artifacts delivered to maven central or through eclipselink.zip binary distribution should not be signed. Only artifacts distributed through eclipse update sites/p2 should be signed.

Caused by: https://git.eclipse.org/c/eclipselink/eclipselink.releng.git/commit/?id=5007eba861dd3e51e8cb8ae98302fffa04dfc8cc

lukasj avatar Aug 22 '19 14:08 lukasj

Seems this is now fixed in master as neither EclipseLink 2.7.5 or 2.7.6 were signed.

https://git.eclipse.org/c/eclipselink/eclipselink.releng.git/tree/promote.sh#n373 vs https://git.eclipse.org/c/eclipselink/eclipselink.releng.git/tree/promote.sh?id=5007eba861dd3e51e8cb8ae98302fffa04dfc8cc#n372

That being said, we can't include non-signed artifacts in the Eclipse Simultaneous Release, so I'm going to have to go back to using EclipseLink 2.7.3 when building WebTools.

https://bugs.eclipse.org/bugs/show_bug.cgi?id=559739

nickboldt avatar Feb 14 '20 03:02 nickboldt

@lukasj why not sign maven-deployed artifacts? Even though it is not necessary does it harm in any way?

laeubi avatar Aug 13 '21 09:08 laeubi