Hi *,
I propose to add maven-gpg-plugin to the release profile, similarly as I
did for javadoc and sources in
https://github.com/hawkular/hawkular-parent-pom/commit/d54a8d03b4ef251d59...
A pom.xml snippet is in
https://issues.jboss.org/browse/HAWKULAR-108
== Why?
Because Maven Central requires it [1]. Although apparently, they already
have accepted our unsigned artifacts already.
I would not let our CI to sign the SNAPSHOT releases.
== So what is the problem?
The team members doing releases would have to
* install native OS-level gpg software
* generate a key pair
* publish their public key
See [2]
Is the above acceptable?
Thanks,
Peter
[1]
http://maven.apache.org/guides/mini/guide-central-repository-upload.html#...
[2]
http://blog.sonatype.com/2010/01/how-to-generate-pgp-signatures-with-maven