cstamas commented on code in PR #448:
URL: https://github.com/apache/maven-resolver/pull/448#discussion_r1541070087
##########
maven-resolver-generator-gnupg/src/main/java/org/eclipse/aether/generator/gnupg/loaders/GpgConfLoader.java:
##########
@@ -52,12 +52,7 @@ public final class GpgConfLoader implements
GnupgSignatureArtifactGeneratorFacto
/**
* Maximum key size, see <a href="https://wiki.gnupg.org/LargeKeys";>Large
Keys</a>.
*/
- private static final long MAX_SIZE = 5 * 1024 + 1L;
-
- @Override
- public boolean isInteractive() {
- return false;
- }
+ private static final long MAX_SIZE = 16 * 1024 + 1L;
Review Comment:
See https://wiki.gnupg.org/LargeKeys
In other words, use Ed25519 key, and leave RSA ones (that are 60 times
slower as well) to oblivion. Btw, GnuPG 2.4.x (unsure here, maybe since 2.1, or
2.2 or 2.3?) _by default_ generates Ed25519 keys (unless explicitly asked for
RSA). The RSA keys are slowly being phased out.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
