Retire plugin

[slawekjaranowski]

As Apache Maven GPG Plugin supports now:

• support BC BouncyCastle java library signer -gpg binary is not necessary
• support environment variables
• works with Maven 4

https://maven.apache.org/plugins/maven-gpg-plugin/examples/deploy-signed-artifacts.html#sign-using-bc-signer

I'm going to retire this plugin

Task to do:

• [ ] prepare migration example to maven-gpg-plugin
• [ ] add info about retired in docs
• [ ] deprecate Mojo with info about retiring
• [ ] release latest version
• [ ] make repository read-only

[mkarg]

Farewell, sign plugin!

OTOH I thought your intention for starting this plugin was to get rid of a the need for a locally installed GPG. Does that mean that Maven GPG Plugin works without local GPG now? 🤔

[slawekjaranowski]

Farewell, sign plugin!

OTOH I thought your intention for starting this plugin was to get rid of a the need for a locally installed GPG. Does that mean that Maven GPG Plugin works without local GPG now? 🤔

Exactly it was an intention - signing without additional binary and better support builds on CI system

Now we have the same in gpg-plugin thanks to BC - Bouncy Castle Java library additional binary is not necessary. Also we have support for configuration keys by environments variables.

I will prepare some manual about migration.

So maintain next plugin with the same feature is not justified.

[mkarg]

So in fact it is not GPG plugin anymore, but BC plugin. ;-)

[slawekjaranowski]

So in fact it is not GPG plugin anymore, but BC plugin. ;-)

No. There is an option: https://maven.apache.org/plugins/maven-gpg-plugin/sign-mojo.html#signer

The name of the Signer implementation to use. Accepted values are "gpg" (the default, uses GnuPG executable) and "bc" (uses Bouncy Castle pure Java signer).