If we can just add the javax.security and org.glassfish.soteria group ID to
bintray/jfrog, then sure.
Signing itself is not such an issue, but will just any signature be
accepted for the sync to Maven central, or does it really check it's a
registered signature from Oracle?
I think MVC/Ozark just started using TravisCI, so for consistency we might
want to stick with that then.
Kind regards,
Arjan Tijms
On Thu, May 19, 2016 at 4:22 PM, Werner Keil <werner.keil_at_gmail.com> wrote:
> Having these kinds of repos we could also automatically push the snapshots
> to JFrog from a CI server.
> Either TravisCI or CircleCI (just got ~18 Mio. $ VC funding, so they
> hopefully won't go away that soon;-) look good for that.
>
> Werner
>
>
> On Thu, May 19, 2016 at 4:20 PM, Werner Keil <werner.keil_at_gmail.com>
> wrote:
>
>> Anybody is welcome in the Bintray community. Being there allows you to
>> publish to bintray.com and JCenter. Maybe fewer (because you need to
>> sign the artifacts etc.) could then also sync important builds to
>> MavenCentral, but it may even be a first important step to have SNAPSHOTs
>> on https://oss.jfrog.org/artifactory/oss-snapshot-local/javax/
>> ("security" not there yet)
>>
>> Werner
>>
>>
>> On Thu, May 19, 2016 at 4:16 PM, arjan tijms <arjan.tijms_at_gmail.com>
>> wrote:
>>
>>> On Thu, May 19, 2016 at 4:14 PM, Werner Keil <werner.keil_at_gmail.com>
>>> wrote:
>>>
>>>> Btw, I noticed when referring to the JSR 375 Twitter accont, it's not
>>>> overly busy nor does it have many followers. Who maintains it or created it?
>>>>
>>>
>>> It's not me, wasn't it Rudy?
>>>
>>>
>>>
>>>>
>>>>
>>>> On Thu, May 19, 2016 at 4:11 PM, Werner Keil <werner.keil_at_gmail.com>
>>>> wrote:
>>>>
>>>>> You may need to proof and point to being an EG member, either to
>>>>> jcp.org (the "source of truth" on that) or if they want the GitHub
>>>>> organization. That should be enough. Even in JSRs with a "less busy" Spec
>>>>> Lead than most of the EE ones right now, it is perfectly fine to have other
>>>>> committers and EG members help with that.
>>>>>
>>>>> Regards,
>>>>> Werner
>>>>>
>>>>>
>>>>> On Thu, May 19, 2016 at 4:08 PM, arjan tijms <arjan.tijms_at_gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> On Thu, May 19, 2016 at 3:53 PM, Werner Keil <werner.keil_at_gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Bintray not only hosts a large Maven repo (Jcenter) it can (there
>>>>>>> you need another account, but should not need to be Spec Lead only, members
>>>>>>> of the EG usually qualify) sync with MavenCentral.
>>>>>>>
>>>>>>
>>>>>> I wonder, does it accept artifacts for the javax.* group IDs? Would
>>>>>> you not somehow need to prove you are indeed associated with javax.* and
>>>>>> have the authorization to publish?
>>>>>>
>>>>>> Without that I guess everyone would be able to claim say javax.foo,
>>>>>> and sync that to Maven central, blocking or severely confusing the
>>>>>> integrity of that (parent) group ID?
>>>>>>
>>>>>> Kind regards,
>>>>>> Arjan Tijms
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Doing that with JSR 363 on a regular basis and other JSRs like 354
>>>>>>> though it's mostly done by Anatole (because he set up automatic signing for
>>>>>>> MavenCentral)
>>>>>>>
>>>>>>> BinTray/JCenter require all projects to have source-jars, if
>>>>>>> synchronized with MavenCentral one should also sign the JARs and everything
>>>>>>> else as .asc.
>>>>>>>
>>>>>>> Beside that Bintray also hosts all sorts of other artifacts, Vagrant
>>>>>>> or Docker containers just to name a few, might come handy to some JSRs e.g.
>>>>>>> for ready to use demos or distributions of Soteria on preferred app
>>>>>>> servers;-D
>>>>>>>
>>>>>>> Cheers,
>>>>>>>
>>>>>>> Werner
>>>>>>>
>>>>>>>
>>>>>>> On Thu, May 19, 2016 at 2:45 PM, arjan tijms <arjan.tijms_at_gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Soteria and JSR 375 has been in development for quite some time at
>>>>>>>> 1.0-m01-SNAPSHOT.
>>>>>>>>
>>>>>>>> Although we didn't set specific goals for each milestone, it may be
>>>>>>>> a good idea to release what we have now as 1.0-m01 and set the next version
>>>>>>>> to 1.0-m02-SNAPSHOT.
>>>>>>>>
>>>>>>>> While updating the pom files is mostly trivial, it would make sense
>>>>>>>> to actually have version 1.0-m01 available in Maven central. This will make
>>>>>>>> it much easier for people to experiment with this milestone and provide us
>>>>>>>> with feedback.
>>>>>>>>
>>>>>>>> For this deployment we need someone from Oracle, as they own the
>>>>>>>> group IDs that we use.
>>>>>>>>
>>>>>>>> So:
>>>>>>>>
>>>>>>>> 1. What does everyone think about releasing a 1.0-m01?
>>>>>>>> 2. Alex, or Will, can either of you do the deployment to Maven
>>>>>>>> central?
>>>>>>>>
>>>>>>>> Kind regards,
>>>>>>>> Arjan Tijms
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>