To improve the quality of the Central Repository, we require you to provide PGP signatures for all your artifacts (all files except checksums), and distribute your public key to a key server like. If there are no signatures, then users have no guarantee that they are downloading the original artifact.
#IDENTIFY MY ARTIFACT DOWNLOAD#
When people download artifacts from the Central Repository, they might want to verify these artifacts' PGP signatures against a public key server. For example, knowing all the licenses for a particular graph of artifacts, we could have some strategies that would identify potential licensing problems.
#IDENTIFY MY ARTIFACT LICENSE#
We ask for the license because it is possible that your project's license may change in the course of its lifetime, and we are trying to create tools to help sort out licensing issues. The other applications that are made possible by having all the POMs available for artifacts are vast, so by placing them into the Central Repository as part of the process we open up the doors to new ideas that involve unified access to project POMs. The logic for getting transitive dependencies working is really not that hard, the problem is getting the data. The POM being deployed with the artifact is part of the process to make transitive dependencies a reality in Maven.
Some folks have asked "why do we require all this information in the POM for deployed artifacts?", so here's a small explanation. The updated list of requirements can be found here. See the guidelines here, particularly on groupId and domain ownership. coordinates: Picking the appropriate coordinates for your project is important.minimum POM information: There are some requirements for the minimal information in the POMs that are in the Central Repository, see here,.releases: Only releases can be uploaded to the Central Repository, that means files that won't change and that only depend on other files already released and available in the repository,.In order to allow for this, a project should deploy their artifacts to the Central Repository. Many open source projects want to allow users of their projects who build with Maven to have transparent access to their project's artifacts. In order for users of Maven to utilize artifacts produced by your project, you must deploy them to a remote repository. Guide to uploading artifacts to the Central Repository
0 kommentar(er)
