]
Aurélien Pupier commented on JBIDE-13407:
-----------------------------------------
I attended a conference last 2 days and they mentioned 2 times the usage of [HashiCorp
Vault|https://www.vaultproject.io/] to manage secrets and jar signing with GPG key. Some
parts are fairly new. Maybe there are new shiny stuff that can be used.
Jar signing for JBT plugins/features
------------------------------------
Key: JBIDE-13407
URL:
https://issues.jboss.org/browse/JBIDE-13407
Project: Tools (JBoss Tools)
Issue Type: Feature Request
Components: build, updatesite
Affects Versions: 3.3.2.Final, 4.0.0.Final, 4.1.0.Alpha1
Reporter: Nick Boldt
Assignee: Nick Boldt
Priority: Optional
Fix For: LATER
Attachments: JBDS6-STS272-install-from-central-Unsigned-Content-Warning.png,
dialog_do-you-trust-these-certs.png, jbds-signed-plugins.png,
no-more-jboss-unsigned-content-but-what-about-org.sonatype.png
Investigate jar signing processes/options and locations of certs we can use for signing
of JBIDE / JBTIS community jars for repackaging into JBDS product.
Goal is to avoid seeing warning about installing unsigned content from Eclipse
Marketplace, p2 installer, or JBoss Central.