[ https://issues.apache.org/jira/browse/MNG-5512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17471896#comment-17471896 ]
Michael Osipov commented on MNG-5512: ------------------------------------- I have just checked the code in master, call tree for {{org.apache.maven.settings.crypto.DefaultSettingsDecrypter.decrypt(SettingsDecryptionRequest)}}. PURE CRAP you can throw it away. Decryption issues are only logged. At no point the build is halted. [~cstamas], yet another reason to throw this "encryption" way. No one's going to fix all of those spots: !screenshot-1.png! Login failures need to be checked with Wagon providers and their callers. > Deploy uses passwords that failed decryption; retries even if login fails > ------------------------------------------------------------------------- > > Key: MNG-5512 > URL: https://issues.apache.org/jira/browse/MNG-5512 > Project: Maven > Issue Type: Bug > Reporter: Sebb > Priority: Major > Fix For: waiting-for-feedback > > Attachments: mng5512.zip, screenshot-1.png > > > [See MDEPLOY-130 which was closed as being an issue in Maven core] > If passwords have been encrypted, deploy fails to notice if the password > decryption failed. > Furthermore, it carries on trying to login even after a login failure. > This is true even if the decryption succeeded but the password was incorrect > or no encryption was used and the password is incorrect. > This is bad as it can result in lockout due to the multiple failed logins - > deploy needs to login several times - and may cause unnecessary work for > system admins. -- This message was sent by Atlassian Jira (v8.20.1#820001)