Closed eed3si9n closed 5 years ago
Hi, glad you enjoy using it! I put together sbt-gpg in a really short time (mainly to work around some incompatibility with the version of GPG installed on my machine and sbt-pgp), so the project is still in a very early stage. It currently supports signing artifacts, but no verification is available. That being said, I'd be happy to see the project get more contributions or even moved to the sbt organisation!
What do you think about me giving you committer rights to sbt-pgp instead, and you can do whatever here?
Since https://github.com/sbt/sbt-pgp/pull/131 is merged, hopefully the GPG compatibility problem is now resolved.
@eed3si9n People have still reported issues. I certainly haven't seen any myself (though I still override most of the defaults in my plugin), but it wouldn't surprise me if there were problems remaining.
One of the challenges I think is going to be migrating the build automation process, if they are currently depending on the bouncycastle based process. I am thinking about introducing an environment variable like SBT_PGP_USE_GPG as a means of setting useGpg to false if people want to do that on CI, but migrate to using gpg locally first.
I did whatever I could - https://discuss.lightbend.com/t/announce-sbt-pgp-2-0-0/5067
@jodersky's https://github.com/jodersky/sbt-gpg looks nice.
I think we should make sbt-pgp behave more like sbt-gpg out of the box, using GnuPG etc.