On 1/30/07, Ted Husted <[EMAIL PROTECTED]> wrote:
If it's helpful, the notes we are using for the Struts 2 release under
Maven are here:
* http://struts.apache.org/2.x/docs/creating-and-signing-a-distribution.html
They are very specific, mainly because I'm getting on in years, and if
we don't have specific notes, I forget how to do things :)
cool :-)
the problem with creating specific notes for the apache site is that
they may contain stuff that some consider bad practice. for example, i
have major issues with the standard maven advice (which is to give the
passphrase in on the command line) and would consider -1 any attempt
to add that to the apache site. you *really* shouldn't be doing that
with any primary apache code signing key.
if you're going to use maven, i'd recommend dual signing: once with a
limited subkey and then adding a second secure key using the primary
code signing key store on removable media and signed from a live CD.
- robert
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
