You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Brill Pappin (JIRA)" <ji...@codehaus.org> on 2009/03/03 21:41:13 UTC
[jira] Created: (MRELEASE-420) Prepare and Perform should use
profile server settings
Prepare and Perform should use profile server settings
------------------------------------------------------
Key: MRELEASE-420
URL: http://jira.codehaus.org/browse/MRELEASE-420
Project: Maven 2.x Release Plugin
Issue Type: Improvement
Components: perform, prepare
Environment: latest in central as of this issue
Reporter: Brill Pappin
Priority: Critical
The release plugin for some reason requires -Dusername= and -Dpassword= on the command line.
The plugin should be using the standard profile server definitions instead (or as well as).
Forcing the properties onto the command line is a security risk that doesn't need to be there.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MRELEASE-420) Prepare and Perform should use profile server
settings
Posted by "Robert Scholte (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MRELEASE-420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=293739#comment-293739 ]
Robert Scholte commented on MRELEASE-420:
-----------------------------------------
What we're actually missing as an scm-id (just like every repository-section has)
I think we can do the same trick as for sourceEncoding: introduce ${project.scm.id} which can be bound to a server-entry in the {{settings.xml}}
> Prepare and Perform should use profile server settings
> ------------------------------------------------------
>
> Key: MRELEASE-420
> URL: https://jira.codehaus.org/browse/MRELEASE-420
> Project: Maven 2.x Release Plugin
> Issue Type: Improvement
> Components: perform, prepare
> Environment: latest in central as of this issue
> Reporter: Brill Pappin
> Priority: Critical
>
> The release plugin for some reason requires -Dusername= and -Dpassword= on the command line.
> The plugin should be using the standard profile server definitions instead (or as well as).
> Forcing the properties onto the command line is a security risk that doesn't need to be there.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MRELEASE-420) Prepare and Perform should use
profile server settings
Posted by "Brill Pappin (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRELEASE-420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=167789#action_167789 ]
Brill Pappin commented on MRELEASE-420:
---------------------------------------
It appears the scm password is stored in plain text in the release.properties, someone one unsuspecting could actually check that into a repo that was open to the public.
This is all the more reason that the *correct* way to do it is via the profile server definitions.
> Prepare and Perform should use profile server settings
> ------------------------------------------------------
>
> Key: MRELEASE-420
> URL: http://jira.codehaus.org/browse/MRELEASE-420
> Project: Maven 2.x Release Plugin
> Issue Type: Improvement
> Components: perform, prepare
> Environment: latest in central as of this issue
> Reporter: Brill Pappin
> Priority: Critical
>
> The release plugin for some reason requires -Dusername= and -Dpassword= on the command line.
> The plugin should be using the standard profile server definitions instead (or as well as).
> Forcing the properties onto the command line is a security risk that doesn't need to be there.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] (MRELEASE-420) Prepare and Perform should use profile server
settings
Posted by "Robert Scholte (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/MRELEASE-420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Scholte closed MRELEASE-420.
-----------------------------------
Resolution: Fixed
Fix Version/s: 2.3
Fixed in [rev. 1300335|http://svn.apache.org/viewvc?view=revision&revision=1300335]
With the next release you can use:
{code:xml}
<project>
...
<properties>
<project.scm.id>my-server-id</project.scm.id>
</properties>
</project>
{code}
> Prepare and Perform should use profile server settings
> ------------------------------------------------------
>
> Key: MRELEASE-420
> URL: https://jira.codehaus.org/browse/MRELEASE-420
> Project: Maven 2.x Release Plugin
> Issue Type: Improvement
> Components: perform, prepare
> Environment: latest in central as of this issue
> Reporter: Brill Pappin
> Assignee: Robert Scholte
> Priority: Critical
> Fix For: 2.3
>
>
> The release plugin for some reason requires -Dusername= and -Dpassword= on the command line.
> The plugin should be using the standard profile server definitions instead (or as well as).
> Forcing the properties onto the command line is a security risk that doesn't need to be there.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira