We've considered similar changes in the past, but because we are responsible for maintaining some of these source repositories, we are forced to think about the ramifications of our changes for the community.Building a repository manager that just "throws out" PGP signatures for POMs seems to me to be irresponsible when we're starting to make traction on the difficult job of making sure that new artifacts added to central have PGP signatures.The original index format was a Lucene 2.3 binary file zipped up in a convenient archive.Upon investigation, we found that Artifactory completely rewrites the pom files, presumably as part of a new feature to strip out repository entries from the poms.Take a look at this POM from Central: The License header of the file has been completely stripped away.
You shouldn't sign an ASF release unless you've had your key signed by someone in the ASF's web of trust at a key signing event (PGP keys are best signed only if you can verify someone's signature, face-to-face.) It seems a shame to throw away all of that work just to "clean" the POM of repository elements.
This eco-chic newcomer is located in a charming brick building dating back to the 1920s.
Despite the wealth of alternative options throughout the city, it sometimes feels as though the entire ex-pat community can be found around the pool for Friday brunch.
Guests are greeted by 'Lady American' – a 1920s flapper on the carpet inside each bedroom – and can watch live footage from a webcam on the roof.
Breakfast, lunch and dinner are served in the 'Cafe Americain' – a stunning art deco room with Tiffany lamps, stained glass and recently uncovered murals inspired by 'A Midsummer Night's Dream'.