Hi Werner,
My bintray account is ivargrimstad or ivar.grimstad_at_gmail.com
Ivar
On Thu, May 19, 2016 at 4:32 PM Werner Keil <werner.keil_at_gmail.com> wrote:
> I don't believe so. Anatole self-signed the javax.money artifacts and so
> did I (with a dedicated "uom" account but by myself) for javax.measure, so
> nothing has to be signed by Oracle even if it may be the Spec Lead.
> What Sonatype mandates is that every artifact (JAR, POM) has a .asc file,
> the others automatically generated by Maven if enabled also can't hurt.
> And with the account you intend to use, you need to ask for approval in
> its JIRA system to deploy into a particular groupID, but if you are EG
> member that should work. I never heard Sonatype to ask e.g. to enter the
> signing key into a "chain of trust" like you see at Apache.
>
> Kind Regards,
> Werner
>
>
> On Thu, May 19, 2016 at 4:27 PM, arjan tijms <arjan.tijms_at_gmail.com>
> wrote:
>
>> If we can just add the javax.security and org.glassfish.soteria group ID
>> to bintray/jfrog, then sure.
>>
>> Signing itself is not such an issue, but will just any signature be
>> accepted for the sync to Maven central, or does it really check it's a
>> registered signature from Oracle?
>>
>> I think MVC/Ozark just started using TravisCI, so for consistency we
>> might want to stick with that then.
>>
>> Kind regards,
>> Arjan Tijms
>>
>>
>>
>>
>>
>> On Thu, May 19, 2016 at 4:22 PM, Werner Keil <werner.keil_at_gmail.com>
>> wrote:
>>
>>> Having these kinds of repos we could also automatically push the
>>> snapshots to JFrog from a CI server.
>>> Either TravisCI or CircleCI (just got ~18 Mio. $ VC funding, so they
>>> hopefully won't go away that soon;-) look good for that.
>>>
>>> Werner
>>>
>>>
>>> On Thu, May 19, 2016 at 4:20 PM, Werner Keil <werner.keil_at_gmail.com>
>>> wrote:
>>>
>>>> Anybody is welcome in the Bintray community. Being there allows you to
>>>> publish to bintray.com and JCenter. Maybe fewer (because you need to
>>>> sign the artifacts etc.) could then also sync important builds to
>>>> MavenCentral, but it may even be a first important step to have SNAPSHOTs
>>>> on https://oss.jfrog.org/artifactory/oss-snapshot-local/javax/
>>>> ("security" not there yet)
>>>>
>>>> Werner
>>>>
>>>>
>>>> On Thu, May 19, 2016 at 4:16 PM, arjan tijms <arjan.tijms_at_gmail.com>
>>>> wrote:
>>>>
>>>>> On Thu, May 19, 2016 at 4:14 PM, Werner Keil <werner.keil_at_gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Btw, I noticed when referring to the JSR 375 Twitter accont, it's not
>>>>>> overly busy nor does it have many followers. Who maintains it or created it?
>>>>>>
>>>>>
>>>>> It's not me, wasn't it Rudy?
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, May 19, 2016 at 4:11 PM, Werner Keil <werner.keil_at_gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> You may need to proof and point to being an EG member, either to
>>>>>>> jcp.org (the "source of truth" on that) or if they want the GitHub
>>>>>>> organization. That should be enough. Even in JSRs with a "less busy" Spec
>>>>>>> Lead than most of the EE ones right now, it is perfectly fine to have other
>>>>>>> committers and EG members help with that.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Werner
>>>>>>>
>>>>>>>
>>>>>>> On Thu, May 19, 2016 at 4:08 PM, arjan tijms <arjan.tijms_at_gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> On Thu, May 19, 2016 at 3:53 PM, Werner Keil <werner.keil_at_gmail.com
>>>>>>>> > wrote:
>>>>>>>>
>>>>>>>>> Bintray not only hosts a large Maven repo (Jcenter) it can (there
>>>>>>>>> you need another account, but should not need to be Spec Lead only, members
>>>>>>>>> of the EG usually qualify) sync with MavenCentral.
>>>>>>>>>
>>>>>>>>
>>>>>>>> I wonder, does it accept artifacts for the javax.* group IDs? Would
>>>>>>>> you not somehow need to prove you are indeed associated with javax.* and
>>>>>>>> have the authorization to publish?
>>>>>>>>
>>>>>>>> Without that I guess everyone would be able to claim say javax.foo,
>>>>>>>> and sync that to Maven central, blocking or severely confusing the
>>>>>>>> integrity of that (parent) group ID?
>>>>>>>>
>>>>>>>> Kind regards,
>>>>>>>> Arjan Tijms
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Doing that with JSR 363 on a regular basis and other JSRs like 354
>>>>>>>>> though it's mostly done by Anatole (because he set up automatic signing for
>>>>>>>>> MavenCentral)
>>>>>>>>>
>>>>>>>>> BinTray/JCenter require all projects to have source-jars, if
>>>>>>>>> synchronized with MavenCentral one should also sign the JARs and everything
>>>>>>>>> else as .asc.
>>>>>>>>>
>>>>>>>>> Beside that Bintray also hosts all sorts of other artifacts,
>>>>>>>>> Vagrant or Docker containers just to name a few, might come handy to some
>>>>>>>>> JSRs e.g. for ready to use demos or distributions of Soteria on preferred
>>>>>>>>> app servers;-D
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>>
>>>>>>>>> Werner
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, May 19, 2016 at 2:45 PM, arjan tijms <
>>>>>>>>> arjan.tijms_at_gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> Soteria and JSR 375 has been in development for quite some time
>>>>>>>>>> at 1.0-m01-SNAPSHOT.
>>>>>>>>>>
>>>>>>>>>> Although we didn't set specific goals for each milestone, it may
>>>>>>>>>> be a good idea to release what we have now as 1.0-m01 and set the next
>>>>>>>>>> version to 1.0-m02-SNAPSHOT.
>>>>>>>>>>
>>>>>>>>>> While updating the pom files is mostly trivial, it would make
>>>>>>>>>> sense to actually have version 1.0-m01 available in Maven central. This
>>>>>>>>>> will make it much easier for people to experiment with this milestone and
>>>>>>>>>> provide us with feedback.
>>>>>>>>>>
>>>>>>>>>> For this deployment we need someone from Oracle, as they own the
>>>>>>>>>> group IDs that we use.
>>>>>>>>>>
>>>>>>>>>> So:
>>>>>>>>>>
>>>>>>>>>> 1. What does everyone think about releasing a 1.0-m01?
>>>>>>>>>> 2. Alex, or Will, can either of you do the deployment to Maven
>>>>>>>>>> central?
>>>>>>>>>>
>>>>>>>>>> Kind regards,
>>>>>>>>>> Arjan Tijms
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>