[
https://issues.jboss.org/browse/JBIDE-13407?page=com.atlassian.jira.plugi...
]
Nick Boldt commented on JBIDE-13407:
------------------------------------
If we build in brew, we get signing for free.
If we don't build in brew, we have to sign each and every plugin by hand (via RCM
ticket), then re-assemble the update site. For every CI or milestone or GA build.
Owners would be in PnT or RCM. Maybe Dave Russo's team (PST/SecOps) has budget for
this.
There's also a maven mojo [1] that is used at
eclipse.org for signing services which
if we could hook up a similar back end, we could incorporate into our builds too -
here's how it's used for DTP [2].
[1]
https://repo.eclipse.org/#nexus-search;quick~eclipse-jarsigner-plugin
[2]
http://git.eclipse.org/c/datatools/org.eclipse.datatools.git/tree/pom.xml...
Jar signing for JBT plugins/features
------------------------------------
Key: JBIDE-13407
URL:
https://issues.jboss.org/browse/JBIDE-13407
Project: Tools (JBoss Tools)
Issue Type: Feature Request
Components: build, updatesite
Affects Versions: 3.3.2.Final, 4.0.0.Final, 4.1.0.Alpha1
Reporter: Nick Boldt
Assignee: Nick Boldt
Priority: Optional
Fix For: LATER
Attachments: JBDS6-STS272-install-from-central-Unsigned-Content-Warning.png,
dialog_do-you-trust-these-certs.png, jbds-signed-plugins.png,
no-more-jboss-unsigned-content-but-what-about-org.sonatype.png
Investigate jar signing processes/options and locations of certs we can use for signing
of JBIDE / JBTIS community jars for repackaging into JBDS product.
Goal is to avoid seeing warning about installing unsigned content from Eclipse
Marketplace, p2 installer, or JBoss Central.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)