[jira] [Commented] (MGPG-137) Un-deprecate passphraseServerId

Tamas Cservenak (Jira) Mon, 23 Sep 2024 10:11:38 -0700


    [ 
https://issues.apache.org/jira/browse/MGPG-137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17883963#comment-17883963
 ]


Tamas Cservenak commented on MGPG-137:
--------------------------------------

Coz it is fundamentally broken.
See 
https://cwiki.apache.org/confluence/display/MAVEN/Handling+sensitive+data+in+Maven

> Un-deprecate passphraseServerId
> -------------------------------
>
>                 Key: MGPG-137
>                 URL: https://issues.apache.org/jira/browse/MGPG-137
>             Project: Maven GPG Plugin
>          Issue Type: Bug
>    Affects Versions: 3.2.5
>            Reporter: Lenny Primak
>            Priority: Major
>
> IMHO this parameter has been deprecated in error.
> It is used to referenced the "server" field in settings.xml, where 
> passphrases are stored in an encrypted fashion. This is actually safer than 
> setting clear-text passwords in environment variables in practice.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MGPG-137) Un-deprecate passphraseServerId

Reply via email to