You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Christopher Tubbs (JIRA)" <ji...@apache.org> on 2016/05/11 15:12:12 UTC
[jira] [Created] (MPOM-118) Enforce strong GPG signatures by
default
Christopher Tubbs created MPOM-118:
--------------------------------------
Summary: Enforce strong GPG signatures by default
Key: MPOM-118
URL: https://issues.apache.org/jira/browse/MPOM-118
Project: Maven POMs
Issue Type: Improvement
Components: asf
Affects Versions: ASF-17
Reporter: Christopher Tubbs
maven-gpg-plugin configuration could be improved a bit so that ASF releases are not weakened by a user's weak personal configuration.
I suggest adding something like the following to maven-gpg-plugin's configuration in the pluginManagement section:
{code:xml}
<gpgArguments combine.children="append">
<arg>--digest-algo=SHA512</arg>
</gpgArguments>
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)