All builds we "promote" anyway.

One problem is that once a jar is produced and put in a p2 repo, if the version (even the qualifier) doesn't change, then the new jar won't be "pulled" from the repo if it already exists. So, if someone has been "installing" from weekly I builds, then they would not pick up signed versions once we moved to S builds. Another, of course, is that some would say it's better to make each build, at least each build we test and promote, as much like the final build as possible.

Also, we should sign test bundles too, since we make those available in our repos. Even though they are not widely downloaded, those that do download them (e.g. committers) deserve the same security protection that signing affords.

All this signing will add considerable overhead to each build, so long term, we may want another type of "continuous build" (similar to the old-fashioned nightly) that is not signed ... but we need to make sure those are never promoted ... and then switch to I builds only on Thursdays (Wednesday evenings).

For now, I'm going to simply turn on signing for I-builds and tests.
Doesn't seem like that much overhead ... we'll just always sign.