You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Karl Heinz Marbaise (JIRA)" <ji...@apache.org> on 2016/07/09 12:23:11 UTC

[jira] [Closed] (MPOM-118) Enforce strong GPG signatures by default

     [ https://issues.apache.org/jira/browse/MPOM-118?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Karl Heinz Marbaise closed MPOM-118.
------------------------------------
    Resolution: Fixed
      Assignee: Hervé Boutemy

Done by Hervé in [r1745383|http://svn.apache.org/r1745383]

> Enforce strong GPG signatures by default
> ----------------------------------------
>
>                 Key: MPOM-118
>                 URL: https://issues.apache.org/jira/browse/MPOM-118
>             Project: Maven POMs
>          Issue Type: Improvement
>          Components: asf
>    Affects Versions: ASF-17
>            Reporter: Christopher Tubbs
>            Assignee: Hervé Boutemy
>             Fix For: ASF-19
>
>
> maven-gpg-plugin configuration could be improved a bit so that ASF releases are not weakened by a user's weak personal configuration.
> I suggest adding something like the following to maven-gpg-plugin's configuration in the pluginManagement section:
> {code:xml}
> <gpgArguments combine.children="append">
>   <arg>--digest-algo=SHA512</arg>
> </gpgArguments>
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)