[
https://issues.apache.org/jira/browse/MWRAPPER-10?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Scholte closed MWRAPPER-10.
----------------------------------
Assignee: Robert Scholte
Resolution: Not A Problem
The maven-wrapper-plugin ONLY downloads the apache-maven-wrapper of a specific
type (script/bin/source).
This plugin uses the artifactResolver, which means that it uses the same
mechanism as Maven uses to download its plugins and dependencies, including
verification of their checksums.
As Maven user you can already control the verification of checksums (-C/-c),
and with MNG-5728 in Maven 4 it will fail by default on a mismatch of the
checksum.
> Checksums for maven-dists
> -------------------------
>
> Key: MWRAPPER-10
> URL: https://issues.apache.org/jira/browse/MWRAPPER-10
> Project: Maven Wrapper
> Issue Type: Bug
> Reporter: Yannick Menager
> Assignee: Robert Scholte
> Priority: Critical
>
> Automatically downloading and running software is highly dangerous from a
> security point of view.
> Wrapper should include the ability to include a checksum and verify the
> downloaded zip file
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
