jira-importer commented on issue #263: URL: https://github.com/apache/maven-install-plugin/issues/263#issuecomment-2771862077
**[Charles Honton](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=charles_hon...@intuit.com)** commented Consider extracting checksums and signing into a separate plugin. Some organizations use their repository to stage, verify, and sign artifacts; no checksums are needed in this scenario. Some organizations also require public/private key signing; additional signing methods are needed in this scenario. advantages: * separation of concerns * flexibility to quickly add and configure new signing methods * availability of signing/checksuming non-artifacts short-term disadvantages: * additional default binding required in core maven * configuration is moving from install to signing plugin -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
