maven-issues mailing list archives

From "Robert Scholte (JIRA)" <>
Subject [jira] (MRELEASE-766) release:prepare stores settings.xml in a public directory
Date Tue, 08 Oct 2013 19:06:53 GMT


Robert Scholte commented on MRELEASE-766:

I was too quick with my comment, but MRELEASE-846 contains a part of the solution. I should
be able to encrypt all passwords/passphrases in the settings.xml.
> release:prepare stores settings.xml in a public directory
> ---------------------------------------------------------
>                 Key: MRELEASE-766
>                 URL:
>             Project: Maven Release Plugin
>          Issue Type: Bug
>          Components: prepare
>    Affects Versions: 2.2.2
>            Reporter: Joseph Walton
> The fix for MRELEASE-577 involves copying {{settings.xml}} into a temporary directory. On a shared machine, it's possible that users have passwords configured in this file. Although they should probably have used {{settings-security.xml}}, some will have set file permissions to prevent other users from reading their settings.
> If a build fails the file can be left behind in /tmp.
> The copy should either be set to world-unreadable before any contents are written or created in a non-public location.
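
One way to do what the report asks, creating the copy owner-only before any content is written and removing it even when the build fails, shown as an added example in Java (not the Maven Release Plugin's own code). The class and method names are hypothetical, and the code assumes a POSIX file system.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class PrivateSettingsCopy {

    // Owner-only permissions, applied atomically when the file is created.
    private static final FileAttribute<Set<PosixFilePermission>> OWNER_ONLY =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));

    /** Copies the settings file into a new temp file that other users can never read. */
    static Path copyPrivately(Path settings) throws IOException {
        // The file exists, empty and with mode 0600, before any secret is written to it.
        // On a non-POSIX file system this call throws UnsupportedOperationException.
        Path copy = Files.createTempFile("release-settings", ".xml", OWNER_ONLY);
        try (OutputStream out = Files.newOutputStream(copy, StandardOpenOption.WRITE)) {
            // Stream into the existing file. Files.copy(src, dst, REPLACE_EXISTING) replaces
            // the target, so the mode set at creation is not guaranteed to carry over.
            Files.copy(settings, out);
        } catch (IOException e) {
            Files.deleteIfExists(copy); // do not leave a partial copy behind
            throw e;
        }
        return copy;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input standing in for a user's settings.xml.
        Path settings = Files.createTempFile("sample-settings", ".xml", OWNER_ONLY);
        Files.write(settings, "<settings><servers/></settings>".getBytes(StandardCharsets.UTF_8));
        Path copy = copyPrivately(settings);
        try {
            System.out.println(copy + " "
                    + PosixFilePermissions.toString(Files.getPosixFilePermissions(copy)));
        } finally {
            // Clean up even if the step that uses the copy fails.
            Files.deleteIfExists(copy);
            Files.deleteIfExists(settings);
        }
    }
}
```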
