commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <>
Subject Passwords in Maven settings file [Was: Release process WAS [VOTE] Release Apache Commons Codec 1.5-RC1]
Date Tue, 05 Apr 2011 09:37:53 GMT
On 5 April 2011 09:32, Jochen Wiedmann <> wrote:
> On Tue, Apr 5, 2011 at 10:22 AM, Henri Yandell <> wrote:
>> [Side note; this is insane:
>> - I vomit
>> every time it's implied I should put passwords in the Maven settings
>> file]
> Totally agreed!

There are a couple of ways around that.

1) Use settings-security.xml <relocation> to store the real
settings-security.xml on a removable device.

2) It would be nice if Maven supported a keyserver of some kind (cf.
Pageant for Putty), but it does not. However one can use the
<relocation> element to point to a server that returns the passwords.
I wrote a Java app that acts as a simple keyserver; of course that
needs its own password.

If the device is not present, or the server is not running, you get a
warning message when starting Maven builds.
[When using the keyserver I normally give it a dummy password, as that
avoids the time delay when Maven looks for the server; however one
still gets warnings]

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message