eclipse-pmd plugin is unsigned

[nullterminated]

The eclipse-pmd plugin needs to be signed.

[acanda]

Is this more a nuisance or does it prevent installing the plugin?

[nullterminated]

In a secure environment it prevents install. After XCodeGhost happened, I'm trying to get a secure development environment set up. Your plugin is a must have :) I realize there is some cost in doing code signing. So far, the best pricing I've found is:

http://www.lindersoft.com/order_codesigning.htm

or

http://codesigning.ksoftware.net/

As an alternative, I've figured out how to build from source and install it.

mvn clean integration-test -f ch.acanda.eclipse.pmd/pom.xml -B -Declipse-release=mars

to match what's happening in the travis.yml. Install site located in

ch.acanda.eclipse.pmd.repository/target/repository/

Maybe it would be worth mentioning how to do this with a brief explanation in the readme for others. I assume the build will work equally well on any release, but the eclipse-release parameter is for the integration tests.

Anyway, if the certificates are too expensive, I'll understand if you close without a fix. I plan on setting up my own signed builds if getting my favorite plugins signed isn't possible. I'm also trying to get eclipse to sign their tarballs (https://bugs.eclipse.org/bugs/show_bug.cgi?id=478481), but I'll probably be building that too :)

Thanks for replying so quickly. Really impressed with the amount of testing in your build.

[acanda]

Signing the plug-in is on my todo list, although with a very low priority. For now you have to build it yourself. But you're right that there should be a brief explanation so everyone knows how to build the plug-in.