Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Skipping the PGP Signing Process

DZone's Guide to

Skipping the PGP Signing Process

· Java Zone ·
Free Resource

Get the Edge with a Professional Java IDE. 30-day free trial.

If you need to install or deploy the maven artifact of your add-on to an internal repository server, and you don't need to deploy to a public OBR repository such as the RooBot server, you can choose to disable the PGP key signing process. Just comment out the maven-gpg-plugin entry in your project's pom.xml file, and you can then use the mvn install and mvn deploy commands internally:

<!-- comment out this block temporarily
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <version>1.3</version>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <phase>verify</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>
-->

We suggest following the signing process anyway, as it verifies that a deployed maven artifact came from a given, trustable source. However, for internal testing and for non-critical applications, especially internal ones, disabling this check can save your some configuration headaches.

 

From http://www.rimple.com/tech/2011/9/4/skipping-the-pgp-signing-process.html

Get the Java IDE that understands code & makes developing enjoyable. Level up your code with IntelliJ IDEA. Download the free trial.

Topics:

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}