Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Skipping the PGP Signing Process

DZone's Guide to

Skipping the PGP Signing Process

· Java Zone
Free Resource

Just released, a free O’Reilly book on Reactive Microsystems: The Evolution of Microservices at Scale. Brought to you in partnership with Lightbend.

If you need to install or deploy the maven artifact of your add-on to an internal repository server, and you don't need to deploy to a public OBR repository such as the RooBot server, you can choose to disable the PGP key signing process. Just comment out the maven-gpg-plugin entry in your project's pom.xml file, and you can then use the mvn install and mvn deploy commands internally:

<!-- comment out this block temporarily
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <version>1.3</version>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <phase>verify</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>
-->

We suggest following the signing process anyway, as it verifies that a deployed maven artifact came from a given, trustable source. However, for internal testing and for non-critical applications, especially internal ones, disabling this check can save your some configuration headaches.

 

From http://www.rimple.com/tech/2011/9/4/skipping-the-pgp-signing-process.html

Strategies and techniques for building scalable and resilient microservices to refactor a monolithic application step-by-step, a free O'Reilly book. Brought to you in partnership with Lightbend.

Topics:

Opinions expressed by DZone contributors are their own.

THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}