[ https://issues.apache.org/jira/browse/MGPG-74?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17822998#comment-17822998 ]
Tamas Cservenak commented on MGPG-74:
-------------------------------------

This is not needed, as build/consumer was reworked. Hence, this is not a requirement anymore; the consumer POM is "just like any other attached artifact" (but lazily generated).

> Signing based on InputStream
> ----------------------------
>
> Key: MGPG-74
> URL: https://issues.apache.org/jira/browse/MGPG-74
> Project: Maven GPG Plugin
> Issue Type: New Feature
> Reporter: Robert Scholte
> Priority: Major
>
> The current implementation uses the gpg executable with a set of arguments to
> sign files. Maven is working on a build/consumer process, where the local
> pom.xml is not exactly the same as the distributed pom.xml.
> With
> [FileTransformer|https://maven.apache.org/resolver/apidocs/org/eclipse/aether/transform/FileTransformer.html]
> any file can be transformed; its result should be the one signed.
> Based on https://www.openpgp.org/software/developer/ BouncyCastle (MIT
> Licensed) seems to be the preferred option for Java.
> There should be a second implementation of AbstractGpgSigner using this
> library.