Platinum Partner
java,tools & methods

Skipping the PGP Signing Process

If you need to install or deploy the maven artifact of your add-on to an internal repository server, and you don't need to deploy to a public OBR repository such as the RooBot server, you can choose to disable the PGP key signing process. Just comment out the maven-gpg-plugin entry in your project's pom.xml file, and you can then use the mvn install and mvn deploy commands internally:

<!-- comment out this block temporarily
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <version>1.3</version>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <phase>verify</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>
-->

We suggest following the signing process anyway, as it verifies that a deployed maven artifact came from a given, trustable source. However, for internal testing and for non-critical applications, especially internal ones, disabling this check can save your some configuration headaches.

 

From http://www.rimple.com/tech/2011/9/4/skipping-the-pgp-signing-process.html

{{ tag }}, {{tag}},

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}
{{ parent.authors[0].realName || parent.author}}

{{ parent.authors[0].tagline || parent.tagline }}

{{ parent.views }} ViewsClicks
Tweet

{{parent.nComments}}