On 12/8/06, Brett Porter <[EMAIL PROTECTED]> wrote:
Why not? I think signing the metadata is just as important.
The maven-metadata.xml files? 1. It's not required by the readme file and 2. They change on every deployment, so you'd be overwriting the signature, which could well belong to someone else. That seems wrong to me-- signed artifacts should not change. But it doesn't matter that much to me, if you want them signed, change the readme file and we'll start doing it. -- Wendy --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
