maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Scholte (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MINSTALL-133) Take Security More Seriously - Checksum by default
Date Sun, 04 Dec 2016 17:38:58 GMT

    [ https://issues.apache.org/jira/browse/MINSTALL-133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15720301#comment-15720301
] 

Robert Scholte commented on MINSTALL-133:
-----------------------------------------

Even though that parameter is specified in this plugin, I think it belongs to the maven-deploy-plugin.
IIRC that's also that's also he approach chosen by Aether/Maven Resolver. Not sure what its
default is.

> Take Security More Seriously - Checksum by default
> --------------------------------------------------
>
>                 Key: MINSTALL-133
>                 URL: https://issues.apache.org/jira/browse/MINSTALL-133
>             Project: Maven Install Plugin
>          Issue Type: Bug
>          Components: install:install, install:install-file
>    Affects Versions: 2.5.2
>            Reporter: John Patrick
>
> I believe that a default of createChecksum being false is bad practice and a checksum
should always being produced.
> Maven doesn't appear to have a guide so I'm looking towards the main apache guide i.e.
https://www.apache.org/dev/release-signing.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message