[ https://issues.apache.org/jira/browse/MPOM-118?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15282202#comment-15282202 ]
Christopher Tubbs commented on MPOM-118:
----------------------------------------

This would be enforcing the published ASF developer guidelines to avoid SHA-1 with PGP/GPG here: http://www.apache.org/dev/openpgp.html#sha1

> Enforce strong GPG signatures by default
> ----------------------------------------
>
>                 Key: MPOM-118
>                 URL: https://issues.apache.org/jira/browse/MPOM-118
>             Project: Maven POMs
>          Issue Type: Improvement
>          Components: asf
>    Affects Versions: ASF-17
>            Reporter: Christopher Tubbs
>
> maven-gpg-plugin configuration could be improved a bit so that ASF releases
> are not weakened by a user's weak personal configuration.
> I suggest adding something like the following to maven-gpg-plugin's
> configuration in the pluginManagement section:
> {code:xml}
> <gpgArguments combine.children="append">
>   <arg>--digest-algo=SHA512</arg>
> </gpgArguments>
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
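
A check that could be run on a release's detached signature to confirm which digest algorithm was actually used, as an added example that is not part of the original message or of the Maven or ASF tooling. It reads the hash-algorithm octet of the first OpenPGP signature packet (RFC 4880 layout, v3 and v4 signatures only); the function names, the STRONG allowlist and the sample packet bytes are constructed for illustration.

```python
import base64

# Hash algorithm IDs from RFC 4880, section 9.4
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
STRONG = {"SHA256", "SHA384", "SHA512"}   # allowlist assumed for this example

def dearmor(data: bytes) -> bytes:
    """Return binary OpenPGP data, decoding ASCII armor (.asc) if present."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    lines = [ln.strip() for ln in data.strip().splitlines()]
    start = lines.index(b"") + 1          # armor headers end at a blank line
    body = [ln for ln in lines[start:-1] if not ln.startswith(b"=")]  # skip CRC24
    return base64.b64decode(b"".join(body))

def signature_hash(data: bytes) -> str:
    """Name the digest algorithm used by the first signature packet."""
    pkt = dearmor(data)
    hdr = pkt[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:                        # new-format header
        tag, first = hdr & 0x3F, pkt[1]
        off = 3 if 192 <= first < 224 else 6 if first == 255 else 2
    else:                                 # old-format header
        tag = (hdr >> 2) & 0x0F
        off = 1 + (1, 2, 4, 0)[hdr & 0x03]
    if tag != 2:
        raise ValueError("first packet is not a signature")
    body = pkt[off:]
    if body[0] == 4:                      # v4: version, type, pubkey algo, hash algo
        algo = body[3]
    elif body[0] == 3:                    # v3: hash algo follows time, key ID, pubkey algo
        algo = body[16]
    else:
        raise ValueError(f"unsupported signature version {body[0]}")
    return HASH_NAMES.get(algo, f"unknown({algo})")

def is_strong(data: bytes) -> bool:
    """True only if the signature's digest is on the STRONG allowlist."""
    return signature_hash(data) in STRONG

# Constructed samples: packet header plus the first four body octets only.
SHA512_SIG = bytes([0x89, 0x02, 0x33, 0x04, 0x00, 0x01, 0x0A])  # old format, RSA
SHA1_SIG = bytes([0x88, 0x5E, 0x04, 0x00, 0x11, 0x02])          # old format, DSA
SHA256_SIG = bytes([0xC2, 0xC1, 0x73, 0x04, 0x00, 0x01, 0x08])  # new format, RSA

if __name__ == "__main__":
    for name, sig in [("sha512", SHA512_SIG), ("sha1", SHA1_SIG)]:
        print(name, signature_hash(sig), "ok" if is_strong(sig) else "WEAK")
```

For a real release artifact, pass the bytes of the `.asc` file to `is_strong`; unknown algorithm IDs are reported as not strong.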