[ https://issues.apache.org/jira/browse/MNG-8417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17904134#comment-17904134 ]
Lenny Primak commented on MNG-8417: ----------------------------------- Here is the use case. Picture a CI system. Most requests to the CI is to do.. well. CI CI will call maven many, many times for many tasks. CI has a settings.xml. file. One of the jobs in this CI is to deploy to production. The "deploy to production" script is the only one that's authorized to decrypt the passwords. Let's say that said CI wants to reuse a settings.xml file. It can't. Because *all* jobs now need access to decrypt the passwords. No good. > New encrypted passwords prevent maven from building projects > ------------------------------------------------------------ > > Key: MNG-8417 > URL: https://issues.apache.org/jira/browse/MNG-8417 > Project: Maven > Issue Type: Bug > Components: Settings > Affects Versions: 4.0.0-beta-5, 4.0.0-rc-1 > Reporter: Lenny Primak > Priority: Blocker > > When settings.xml contains new-style encrypted passwords, maven will not > build unless it can decrypt the password. > The use case is that the passwords are used only for deployment, while 99% of > the use cases don't require the passwords. > This forces the users to have to have secure environment variables or other > ways to get the master password at all times, enhancing security risks -- This message was sent by Atlassian Jira (v8.20.10#820010)