[MGPG-130] - Update sigstore extension to ".sigstore.json"#109
[MGPG-130] - Update sigstore extension to ".sigstore.json"#109cstamas merged 1 commit intoapache:masterfrom
Conversation
|
I would leave old and add sigstore.json as well |
That works, we just don't intend on making any new signatures using that extension. But I have no strong preference. I'll update the PR |
|
Are any of the two maven sigstore plugins alive? Afair, they used ".sigstore" for extension... |
|
Both standalone plugin repositories are archived (1, 2), things were a little wild west at the beginning 🤷 . The "supported" plugin is integrated into the sigstore-java repository at https://github.com/sigstore/sigstore-java/tree/main/sigstore-maven-plugin. <-- this supersedes the code in https://github.com/sigstore/sigstore-maven-plugin (which is archived). The latest release at https://central.sonatype.com/artifact/dev.sigstore/sigstore-maven-plugin/0.11.0/versions |
|
@cstamas updated to re-include ".sigstore". I added a tracker to remove it in 6 months or so (sigstore/sigstore-java#759) |
Sigstore uses ".sigstore.json" extension in all our plugins, ".sigstore" is legacy
|
|
|
@cstamas any chance this could get another look? |
|
Resolve #256 |
1 similar comment
|
Resolve #256 |
".sigstore" is long deprecated. It's been about 18 months since we changed extensions. No current clients should be using this extension. Cleanup of: - apache#109 - sigstore/sigstore-java#759
Sigstore uses ".sigstore.json" extension in all our plugins, ".sigstore" is no longer used.
Context: https://github.com/sigstore/sigstore-maven-plugin/blob/main/src/main/java/dev/sigstore/plugin/SigstoreSignAttachedMojo.java#L47
This change is consistent across java clients (gradle) and language clients (python)
Following this checklist to help us incorporate your contribution quickly and easily:
before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should
address just this issue, without pulling in other changes.
[MGPG-XXX] - Fixes bug in ApproximateQuantiles, where you replaceMGPG-XXXwith the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the
first line of the commit message.
mvn clean verifyto make sure basic checks pass. A more thorough check will be performed on your pullrequest automatically.
mvn -Prun-its clean verify).If your pull request is about ~20 lines of code you don't need to sign an
Individual Contributor License Agreement if you are unsure please ask on the
developers list.
To make clear that you license your contribution under
the Apache License Version 2.0, January 2004
you have to acknowledge this by using the following check-box.
the Apache License Version 2.0, January 2004
an Apache Individual Contributor License Agreement.