kwin commented on code in PR #308: URL: https://github.com/apache/maven-gpg-plugin/pull/308#discussion_r2582069018
########## src/site/markdown/usage.md.vm: ########## @@ -58,113 +61,51 @@ First you add the plugin to your `pom.xml` like this: </project> ``` -Ideally, if invoked on workstation, you should rely on gpg-agent to collect passphrase from, as in that way no secrets will enter terminal history nor any file on disk. In agent-less \(batch\) sessions, typically on CI, you should provide passphrases via environment variable \(see goals\). - -**Note:** When using the GPG Plugin in combination with the Maven Release Plugin, on a developer Workstation, you should rely on gpg-agent, but have it "primed", as Release plugin invokes build in batch mode, that will prevent agent to present the "pinentry pop up". If fully unattended release is being done, for example on a CI system, then with `useAgent` set to `false` one can pass the passphrase via environment variable. +This will sign all attached artifacts of the current project during phase `verify`. -**To prime gpg-agent caches**, one can perform simple "sign" operation on workstation like this `echo "test" | gpg --clearsign` or can use gpg command [gpg-preset-passphrase](https://www.gnupg.org/documentation/manuals/gnupg/Invoking-gpg_002dpreset_002dpassphrase.html). +#[[##]]# Install/Deploy without configuring the plugin in the POM Review Comment: I would rather remove this section, as meanwhile there are other goals to achieve that. WDYT @cstamas? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
