acanda / eclipse-pmd

eclipse-pmd has been moved to
https://github.com/eclipse-pmd/eclipse-pmd

eclipse-pmd plugin is unsigned #33

Open nullterminated opened 8 years ago

nullterminated commented 8 years ago

The eclipse-pmd plugin needs to be signed.


acanda commented 8 years ago

Is this more a nuisance or does it prevent installing the plugin?

nullterminated commented 8 years ago

In a secure environment it prevents install. After XcodeGhost happened, I'm trying to get a secure development environment set up. Your plugin is a must-have :) I realize there is some cost in doing code signing. So far, the best pricing I've found is:

http://www.lindersoft.com/order_codesigning.htm

or

http://codesigning.ksoftware.net/

As an alternative, I've figured out how to build from source and install it.

mvn clean integration-test -f ch.acanda.eclipse.pmd/pom.xml -B -Declipse-release=mars

to match what's happening in the travis.yml. Install site located in

ch.acanda.eclipse.pmd.repository/target/repository/

Maybe it would be worth mentioning how to do this with a brief explanation in the readme for others. I assume the build will work equally well on any release, but the eclipse-release parameter is for the integration tests.

Anyway, if the certificates are too expensive, I'll understand if you close without a fix. I plan on setting up my own signed builds if getting my favorite plugins signed isn't possible. I'm also trying to get Eclipse to sign their tarballs (https://bugs.eclipse.org/bugs/show_bug.cgi?id=478481), but I'll probably be building that too :)

Thanks for replying so quickly. Really impressed with the amount of testing in your build.

acanda commented 8 years ago

Signing the plug-in is on my todo list, although with a very low priority. For now you have to build it yourself. But you're right that there should be a brief explanation so everyone knows how to build the plug-in.
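Added example, not part of the original thread or the eclipse-pmd project: a Python script that walks a locally built update site, such as the repository directory named in the thread, and reports which JARs carry no signature entries. It only checks for the presence of the META-INF signature files defined by the JAR file specification; verifying the signature itself is the job of `jarsigner -verify`. The function names and the sample JARs are constructed for illustration.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Signature entries named by the JAR file specification (top-level META-INF only).
SIG_FILE = re.compile(r"^META-INF/[^/]+\.SF$", re.IGNORECASE)
SIG_BLOCK = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$", re.IGNORECASE)

def signature_status(jar):
    """Return 'unsigned', 'incomplete' or 'signed-unverified' for a JAR path or file object."""
    with zipfile.ZipFile(jar) as zf:
        names = zf.namelist()
    has_sf = any(SIG_FILE.match(n) for n in names)
    has_block = any(SIG_BLOCK.match(n) for n in names)
    if has_sf and has_block:
        return "signed-unverified"  # entries present; the signature is NOT checked here
    return "incomplete" if (has_sf or has_block) else "unsigned"

def scan_repository(root):
    """Map every *.jar under root to its signature status."""
    results = {}
    for path in sorted(Path(root).rglob("*.jar")):
        try:
            results[str(path)] = signature_status(path)
        except zipfile.BadZipFile:
            results[str(path)] = "not-a-zip"  # truncated or corrupt download
    return results

def make_jar(entries):
    """Build a constructed in-memory JAR containing the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, b"constructed sample")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Default path is the update site directory named in the thread.
    root = sys.argv[1] if len(sys.argv) > 1 else "ch.acanda.eclipse.pmd.repository/target/repository"
    for jar, status in scan_repository(root).items():
        print(f"{status:18} {jar}")
```

Any JAR reported as `signed-unverified` still needs `jarsigner -verify` against a trusted keystore before it is treated as signed.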