Joseph Walton created MRELEASE-766:
--------------------------------------
Summary: release:prepare stores settings.xml in a public directory
Key: MRELEASE-766
URL: https://jira.codehaus.org/browse/MRELEASE-766
Project: Maven 2.x Release Plugin
Issue Type: Bug
Components: prepare
Affects Versions: 2.2.2
Reporter: Joseph Walton
The fix for MRELEASE-577 involves copying {{settings.xml}} into a temporary
directory. On a shared machine, it's possible that users have passwords
configured in this file. Although they should probably have used
{{settings-security.xml}} some will have set file permissions to prevent other
users from reading their settings.
If a build fails the file can be behind in /tmp.
The copy should either be set to world-unreadable before any contents are
written or created in a non-public location.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
