Posted to issues@maven.apache.org by "Hervé Boutemy (JIRA)" <ji...@apache.org> on 2016/05/12 21:08:13 UTC

[jira] [Commented] (MPOM-118) Enforce strong GPG signatures by default

    [ https://issues.apache.org/jira/browse/MPOM-118?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15282047#comment-15282047 ] 

Hervé Boutemy commented on MPOM-118:
------------------------------------

I tend to think this is a good idea, but this one requires discussion with more people.
Is there some official ASF policy on this?

> Enforce strong GPG signatures by default
> ----------------------------------------
>
>                 Key: MPOM-118
>                 URL: https://issues.apache.org/jira/browse/MPOM-118
>             Project: Maven POMs
>          Issue Type: Improvement
>          Components: asf
>    Affects Versions: ASF-17
>            Reporter: Christopher Tubbs
>
> maven-gpg-plugin configuration could be improved a bit so that ASF releases are not weakened by a user's weak personal configuration.
> I suggest adding something like the following to maven-gpg-plugin's configuration in the pluginManagement section:
> {code:xml}
> <gpgArguments combine.children="append">
>   <arg>--digest-algo=SHA512</arg>
> </gpgArguments>
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
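
A release-side check for the digest setting proposed in the quoted issue, as an added example that is not part of the original message or of maven-gpg-plugin: it reads the hash algorithm ID from an ASCII-armored detached signature and reports whether it is SHA-512. The function names, the `ACCEPTED` policy set and the sample signatures (constructed and truncated, not verifiable) are assumptions.

```python
import base64

# Hash algorithm IDs from RFC 4880, section 9.4.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
ACCEPTED = {"SHA512"}  # assumption: policy allows only the proposed digest

def dearmor(text):
    """Return the binary packets inside an ASCII-armored signature."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("-----BEGIN PGP SIGNATURE-----") + 1:
                 lines.index("-----END PGP SIGNATURE-----")]
    if "" in body:  # armor headers end at the first blank line
        body = body[body.index("") + 1:]
    # The optional CRC-24 line starts with "=" and is not packet data.
    return base64.b64decode("".join(l for l in body if l and not l.startswith("=")))

def signature_digest(data):
    """Return the digest name used by the first packet, a signature (tag 2)."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:  # new-format header: tag in low 6 bits
        tag, l0 = first & 0x3F, data[1]
        hdr = 3 if 192 <= l0 < 224 else 6 if l0 == 255 else 2
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag = (first >> 2) & 0x0F
        hdr = 1 + (1, 2, 4, 0)[first & 3]
    if tag != 2:
        raise ValueError("first packet is not a signature")
    body = data[hdr:]
    if body[0] not in (3, 4):
        raise ValueError("unsupported signature version %d" % body[0])
    algo = body[3] if body[0] == 4 else body[16]  # v3 has a longer prefix
    return HASH_NAMES.get(algo, "unknown(%d)" % algo)

def check(armored):
    """Return (digest name, True if the digest is accepted)."""
    name = signature_digest(dearmor(armored))
    return name, name in ACCEPTED

def sample(hash_id):
    # Constructed, truncated v4 signature packet (not a verifiable signature):
    # old-format tag-2 header, length 6, version 4, type 0, RSA, hash id.
    pkt = bytes([0x88, 0x06, 0x04, 0x00, 0x01, hash_id, 0x00, 0x00])
    return ("-----BEGIN PGP SIGNATURE-----\n\n%s\n-----END PGP SIGNATURE-----\n"
            % base64.b64encode(pkt).decode())

if __name__ == "__main__":
    print(check(sample(10)), check(sample(2)))
```

Run over the `.asc` files of a staged release, a check like this shows whether a signer's personal GnuPG defaults produced a weaker digest than the one the parent POM is meant to enforce.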