clojars

2023-04-12T11:12:13.783729Z

@tony.kay @hlship @seancorfield @slipset FYI: Clojars no longer requires checksum files for signature files (as of a few minutes ago), since that is the new maven/aether default. Please let me know if you see any issues!

👍 1
seancorfield 2023-04-12T16:24:04.038879Z

I haven't signed artifacts for Clojars for years -- and part of the reason I switched my projects from Leiningen to Boot was to get away from lein's "obsession" with signing stuff and the fragile GPG ecosystem 🙂

2023-04-12T17:11:49.884629Z

Understood. I just pinged you since you were involved in this thread: https://clojurians.slack.com/archives/C0H28NMAS/p1679955780176239

👍🏻 1
seancorfield 2023-04-12T17:20:00.166679Z

Did the Maven/Aether project say why it was making this change? (apologies if you posted that and I missed it)

2023-04-12T17:23:13.108939Z

Not that I could find, but I may not be looking in the right places.

2023-04-12T17:23:39.427699Z

I just find references to tooling adjusting to the change, also w/o a link to the source issue/justification

seancorfield 2023-04-12T17:25:04.366509Z

Weird, since it seems to have been a breaking change and fairly far-reaching...

2023-04-12T17:27:00.159029Z

It's possible Clojars was the only repo requiring checksums on signatures if there were other checksums. Sending them for signatures has always been optional, but on by default.

seancorfield 2023-04-12T17:30:30.344209Z

Ah, gotcha.