commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henri Yandell <flame...@gmail.com>
Subject Re: Passwords in Maven settings file [Was: Release process WAS [VOTE] Release Apache Commons Codec 1.5-RC1]
Date Tue, 05 Apr 2011 16:15:14 GMT
On Tue, Apr 5, 2011 at 2:37 AM, sebb <sebbaz@gmail.com> wrote:
> On 5 April 2011 09:32, Jochen Wiedmann <jochen.wiedmann@gmail.com> wrote:
>> On Tue, Apr 5, 2011 at 10:22 AM, Henri Yandell <flamefew@gmail.com> wrote:
>>
>>> [Side note; this is insane:
>>> http://maven.apache.org/guides/mini/guide-encryption.html - I vomit
>>> every time it's implied I should put passwords in the Maven settings
>>> file]
>>
>> Totally agreed!
>
> There are a couple of ways around that.
>
> 1) Use settings-security.xml <relocation> to store the real
> settings-security.xml on a removable device.

Vomiting more :) At least I know when I physically lose my laptop.

The docs also need to be pushing "encrypted removable device" more.
It's taken as read that people will do that.

> 2) It would be nice if Maven supported a keyserver of some kind (cf.
> Pageant for Putty), but it does not. However one can use the
> <relocation> element to point to a server that returns the passwords.
> I wrote a Java app that acts as a simple keyserver; of course that
> needs its own password.
>
> If the device is not present, or the server is not running, you get a
> warning message when starting Maven builds.
> [When using the keyserver I normally give it a dummy password, as that
> avoids the time delay when Maven looks for the server; however one
> still gets warnings]

Entering at the command line is fine for me. :)

Hen

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message