What is the thing with takari/jpgp

[cstamas]

While releasing takari parent pom, I had several issues with signing the POM artifact, with jpgp to be more precise.

The lifecycle uses takari/jpgp version 1.0.9, and only source I found is this repository https://github.com/takari/jpgp but it does NOT contains the latest code (has 1.0.0 only).

As I see jgpg reimplements PGP using Bouncy Castle...

Same thing is done by Slawek here (he is Maven PMC):

• https://github.com/s4u/sign-maven-plugin
• https://github.com/s4u/pgpverify-maven-plugin

Maybe it would be ok to switch custom (and non existent) code with something maintained?

[cstamas]

@ajayk ping

[ajayk]

we can switch this

@jvanzyl : any concerns or are there any plans to update the repository

[cstamas]

as I did release again recently, want to same issue (as this I used different workstation).

AFAIK, the ONLY cool bit about jpgp is the fact it uses GPG Agent.... which I think is very good thing.