Closed mbax closed 4 years ago
me4502
commented
5 years ago Having our own section would be a great idea. Especially if it includes information on using it with other tools commonly used in the MC community. I recently had a bit of an issue getting it to work with Artifactory's publish system, as signing adds to the archives, and if the signature file isn't present it would then fail to publish.
mbax
commented
5 years ago @me4502 Thanks for the feedback! Are there any other tools you can think of that should be included in our documentation?
me4502
commented
5 years ago Publishing tools would be the main ones that'd be likely to hit issues.
But having an example of signing a reobfuscated jar from ForgeGradle could be useful, even though it is relatively straight forward.
Faithcaio
commented
5 years ago Why do we restrict the email of the PGP-Key to the one you registered with?
DenWav
commented
5 years ago Why do we restrict the email of the PGP-Key to the one you registered with?
What do you mean by that? Surely you would allow users to upload multiple keys right?
Faithcaio
commented
5 years ago Doesn't look like its possible atm.
JBYoshi
commented
4 years ago Closing as Ore no longer uses PGP. https://forums.spongepowered.org/t/ore-2-0-0-m1-deployed/33808
Problem: Users have trouble generating and using PGP keys.
Solution proposed: Better describe to users how to generate the keys. Hold their hands through it. Offer other methods through which they could handle things (Keybase? Online javascript-only tool?). Create our own, simpler documentation for using Maven or Gradle for signing because what we presently link to is a bit more complicated than users need.