[
https://issues.apache.org/jira/browse/LUCENE-9975?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17351667#comment-17351667
]
Dawid Weiss commented on LUCENE-9975:
-------------------------------------
I'm a bit confused. The build currently says we don't sign snapshots:
{code}
signing {
required { !version.endsWith("SNAPSHOT") }
sign publishing.publications.jars
}
{code}
but apache nexus clearly has signatures for pinned shapshot versions:
https://repository.apache.org/content/repositories/snapshots/org/apache/lucene/lucene-core/9.0.0-SNAPSHOT/
[~uschindler] - what's the version number override the jenkins build does
before it publishes to apache nexus?
I think this issue could be elegantly solved by creating two different
publications: jars and unsignedJars, then the "local" maven publishing tasks
wouldn't be signed, that's it. And nexus publications would have to be signed.
> Don't require artifact signing for local maven artifact publishing
> ------------------------------------------------------------------
>
> Key: LUCENE-9975
> URL: https://issues.apache.org/jira/browse/LUCENE-9975
> Project: Lucene - Core
> Issue Type: Improvement
> Reporter: Dawid Weiss
> Assignee: Dawid Weiss
> Priority: Minor
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
