You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Robert Scholte (JIRA)" <ji...@codehaus.org> on 2013/10/06 22:38:52 UTC

[jira] (MRELEASE-766) release:prepare stores settings.xml in a public directory

    [ https://jira.codehaus.org/browse/MRELEASE-766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=333663#comment-333663 ] 

Robert Scholte commented on MRELEASE-766:
-----------------------------------------

I've fixed MRELEASE-846, which means that both passwords and passphrases will always be encrypted when possible. If there's no other idea or patch to improve this, I'm going to close this as being superseded by MRELEASE-846
                
> release:prepare stores settings.xml in a public directory
> ---------------------------------------------------------
>
>                 Key: MRELEASE-766
>                 URL: https://jira.codehaus.org/browse/MRELEASE-766
>             Project: Maven Release Plugin
>          Issue Type: Bug
>          Components: prepare
>    Affects Versions: 2.2.2
>            Reporter: Joseph Walton
>
> The fix for MRELEASE-577 involves copying {{settings.xml}} into a temporary directory. On a shared machine, it's possible that users have passwords configured in this file. Although they should probably have used {{settings-security.xml}} some will have set file permissions to prevent other users from reading their settings.
> If a build fails the file can be behind in /tmp.
> The copy should either be set to world-unreadable before any contents are written or created in a non-public location.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira