sbt-pgp
sbt-pgp copied to clipboard
sbt
PGP plugin for sbt
Issue #121 - which is closed - suggested that sbt-pgp 1.1.1 would fix this problem: > java.io.IOException: destination file exists and overwrite == false Unfortunately that doesn't seem to be...
This makes it actually surprisingly difficult to override sbt-pgp settings in third-party plugins. You literally have to do your own `inScope(Global)` within `buildSettings` in order to make things get sequenced...
Specifically, everything seems to come up as `[OK]`, even when a key is untrusted. Example output: **With `useGpg := true`** ``` [info] ----- PGP Signature Results ----- [info] com.github.mpilquist :...
currently it's a bit easy to accidentally load bad packages ``` sbt clean update check-pgp-signatures do some stuff sbt update # downloads bad package sbt compile # compiles bad package...
There should be a tutorial on how to download and verify sbt-pgp and another other build plugins before sbt runs (and a malicious plugin stops sbt-pgp from working)
This is a feature request, I'll try to work on it myself when I can find time but I wanted to log the idea. The project is due for some...
Question: checkPgpSignatures seems to skip the signature checking for the couple dependency modules. Can we force it to check all dependencies? For example: my default xml shows 16 dependencies. However,...
https://github.com/softprops/bintray-sbt/pull/10#issuecomment-33467311
