This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2023-04-12
Channels
- # announcements (4)
- # babashka (60)
- # beginners (3)
- # calva (15)
- # cherry (1)
- # clojars (9)
- # clojure (30)
- # clojure-denmark (5)
- # clojure-europe (23)
- # clojure-losangeles (1)
- # clojure-norway (8)
- # clojurescript (49)
- # core-async (3)
- # cursive (15)
- # datomic (4)
- # deps-new (1)
- # emacs (36)
- # figwheel-main (3)
- # fulcro (16)
- # girouette (2)
- # hyperfiddle (1)
- # introduce-yourself (3)
- # lambdaisland (6)
- # nrepl (23)
- # off-topic (7)
- # pedestal (10)
- # polylith (50)
- # practicalli (1)
- # releases (2)
- # sci (16)
- # shadow-cljs (27)
- # slack-help (3)
- # sql (17)
- # tools-deps (5)
@tony.kay @hlship @seancorfield @slipset FYI: Clojars no longer requires checksum files for signature files (as of a few minutes ago), since that is the new maven/aether default. Please let me know if you see any issues!
I haven't signed artifacts for Clojars for years -- and part of the reason I switched my projects from Leiningen to Boot was to get away from lein
's "obsession" with signing stuff and the fragile GPG ecosystem 🙂
Understood. I just pinged you since you were involved in this thread: https://clojurians.slack.com/archives/C0H28NMAS/p1679955780176239
Did the Maven/Aether project say why it was making this change? (apologies if you posted that and I missed it)
I just find references to tooling adjusting to the change, also w/o a link to the source issue/justification
Weird, since it seems to have been a breaking change and fairly far-reaching...
It's possible Clojars was the only repo requiring checksums on signatures if there were other checksums. Sending them for signatures has always been optional, but on by default.
Ah, gotcha.