maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MINSTALL-133) Take Security More Seriously - Checksum by default
Date Sun, 04 Dec 2016 17:26:58 GMT

    [ https://issues.apache.org/jira/browse/MINSTALL-133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15720285#comment-15720285
] 

ASF GitHub Bot commented on MINSTALL-133:
-----------------------------------------

GitHub user nhojpatrick opened a pull request:

    https://github.com/apache/maven-plugins/pull/97

    MINSTALL-133 createChecksum default true

    Patch for https://issues.apache.org/jira/browse/MINSTALL-133


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/nhojpatrick/maven-plugins bugfix/MINSTALL-133-createChecksum-true

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/maven-plugins/pull/97.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #97
    
----
commit d5ea2a8b57a9b212ba35728448fc0a4e2321fb66
Author: John Patrick <nhoj.patrick@gmail.com>
Date:   2016-12-04T17:23:42Z

    MINSTALL-133 createChecksum default true

----


> Take Security More Seriously - Checksum by default
> --------------------------------------------------
>
>                 Key: MINSTALL-133
>                 URL: https://issues.apache.org/jira/browse/MINSTALL-133
>             Project: Maven Install Plugin
>          Issue Type: Bug
>          Components: install:install, install:install-file
>    Affects Versions: 2.5.2
>            Reporter: John Patrick
>
> I believe that a default of createChecksum being false is bad practice and a checksum
should always being produced.
> Maven doesn't appear to have a guide so I'm looking towards the main apache guide i.e.
https://www.apache.org/dev/release-signing.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message