gnodet commented on PR #432: URL: https://github.com/apache/maven-resolver/pull/432#issuecomment-1962863211
> So to recap, what I tried to explain to Slawek. This PR: > > * defines `Artifact Generator` SPI (there may be multiple of those present in system) > * defines `Signer Artifact Generator` that is one provider for SPI, that defines Signer API (there may be multiple of those present in system) Now that you put it that way, I'm not really convinced we need a Signer SPI here. The code of the ArtifactGenerator which calls the signers is trivial, so it seems to me that the GpgSigner could directly implement the Artifact Generator SPI. > * implements GpgSigner that is one Signer implementation provided out of the box > > Naturally, as generators are ordered, signer generator is expected to be "among last" and sign not only artifacts in request (install/deploy) but also "so far generated artifacts" (if they are relevant). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
