[
https://jira.codehaus.org/browse/MRELEASE-766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=300141#comment-300141
]
Robert Scholte commented on MRELEASE-766:
-----------------------------------------
Have you seen this happening or is it just a theory? All {{MavenExecutors}}
contain the following:
{code}
try
{
//....
}
finally
{
if ( settingsFile != null && settingsFile.exists() && !settingsFile.delete() )
{
settingsFile.deleteOnExit();
}
}
{code}
> release:prepare stores settings.xml in a public directory
> ---------------------------------------------------------
>
> Key: MRELEASE-766
> URL: https://jira.codehaus.org/browse/MRELEASE-766
> Project: Maven 2.x Release Plugin
> Issue Type: Bug
> Components: prepare
> Affects Versions: 2.2.2
> Reporter: Joseph Walton
>
> The fix for MRELEASE-577 involves copying {{settings.xml}} into a temporary
> directory. On a shared machine, it's possible that users have passwords
> configured in this file. Although they should probably have used
> {{settings-security.xml}} some will have set file permissions to prevent
> other users from reading their settings.
> If a build fails the file can be behind in /tmp.
> The copy should either be set to world-unreadable before any contents are
> written or created in a non-public location.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
