[ https://issues.apache.org/jira/browse/MINSTALL-133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16996812#comment-16996812 ]
Elliotte Rusty Harold commented on MINSTALL-133: ------------------------------------------------ I think the install plugin only copies the built jar into the local repository. It's not used for remote deployment, and I can't think of anything that would fail if the checksum were off in this case. I propose closing this issue as won't fix unless a clearer problem can be stated. Remote deployment is a very different story, but that's not this plugin. > Take Security More Seriously - Checksum by default > -------------------------------------------------- > > Key: MINSTALL-133 > URL: https://issues.apache.org/jira/browse/MINSTALL-133 > Project: Maven Install Plugin > Issue Type: Bug > Components: install:install, install:install-file > Affects Versions: 2.5.2 > Reporter: John Patrick > Priority: Major > > I believe that a default of createChecksum being false is bad practice and a > checksum should always being produced. > Maven doesn't appear to have a guide so I'm looking towards the main apache > guide i.e. https://www.apache.org/dev/release-signing.html -- This message was sent by Atlassian Jira (v8.3.4#803005)