You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Christopher Tubbs (JIRA)" <ji...@apache.org> on 2016/05/11 15:12:12 UTC

[jira] [Created] (MPOM-118) Enforce strong GPG signatures by default

Christopher Tubbs created MPOM-118:
--------------------------------------

             Summary: Enforce strong GPG signatures by default
                 Key: MPOM-118
                 URL: https://issues.apache.org/jira/browse/MPOM-118
             Project: Maven POMs
          Issue Type: Improvement
          Components: asf
    Affects Versions: ASF-17
            Reporter: Christopher Tubbs


maven-gpg-plugin configuration could be improved a bit so that ASF releases are not weakened by a user's weak personal configuration.

I suggest adding something like the following to maven-gpg-plugin's configuration in the pluginManagement section:

{code:xml}
<gpgArguments combine.children="append">
  <arg>--digest-algo=SHA512</arg>
</gpgArguments>
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)