yeikel commented on PR #415: URL: https://github.com/apache/maven-wrapper/pull/415#issuecomment-4285613327
> The Windows counterpart (`only-mvnw.cmd`) does **not** unset `MVNW_REPOURL` — it only clears `MVNW_USERNAME` and `MVNW_PASSWORD`. This inconsistency confirms the bug. > ## Fix I think that this by itself is a bug (in terms of consistency) Now, regarding `unset MVNW_VERBOSE MVNW_USERNAME MVNW_PASSWORD MVNW_REPOURL`, my assumption is that it is _intended to prevent sensitive data, such as credentials_, from being passed to the Maven process. That said, I am not fully sure that this is the actual intent. In terms of your change, the current bug fix does not seem correct. If `MVNW_REPOURL` requires authentication, removing the username and password while keeping the URL would cause Maven to fail in setups that depend on those credentials. I think that the first step before we decide that this code should be changed is to document _why this is here_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
