[ https://jira.codehaus.org/browse/MRELEASE-766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=333797#comment-333797 ]
Robert Scholte commented on MRELEASE-766: ----------------------------------------- I was too quick with my comment, but MRELEASE-846 contains a part of the solution. I should be able to encrypt all passwords/passphrases in the settings.xml. > release:prepare stores settings.xml in a public directory > --------------------------------------------------------- > > Key: MRELEASE-766 > URL: https://jira.codehaus.org/browse/MRELEASE-766 > Project: Maven Release Plugin > Issue Type: Bug > Components: prepare > Affects Versions: 2.2.2 > Reporter: Joseph Walton > > The fix for MRELEASE-577 involves copying {{settings.xml}} into a temporary > directory. On a shared machine, it's possible that users have passwords > configured in this file. Although they should probably have used > {{settings-security.xml}} some will have set file permissions to prevent > other users from reading their settings. > If a build fails the file can be behind in /tmp. > The copy should either be set to world-unreadable before any contents are > written or created in a non-public location. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira