[JAVA-3794] Replace default signatory in Gradle signing plugin with notary service Created: 18/Jul/20  Updated: 20/Dec/23

Status: Backlog
Project: Java Driver
Component/s: Build
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Jeffrey Yemin Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Epic Link: JAVA-5243

 Description   

The Gradle signing plugin by default uses the Bouncycastle implementation of OpenPGP to sign artifacts, based on a signing key that is configured either via system properties specified in a gradle.properties file, or via environment variables.

The plugin can be configured with an alternate signatory. Create one that relies on the MongoDB notary service, and configure the Java driver to use it for all artifact signing.

The alternate signatory should be disabled by default so that third parties can publish versions of the releases to their own private repositories


Generated at Thu Feb 08 09:00:27 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.