[
https://issues.apache.org/jira/browse/MNG-8417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17904263#comment-17904263
]
Lenny Primak commented on MNG-8417:
-----------------------------------
Yes, but this forces hundreds of thousands of CIs out there to deal with
breaking changes like this.
Think about the work involved. It's one thing to volunteer for this, but when
this is forced upon, it's not good.
What about backwards compatibility? Upgrade path? Downgrade path?
Some projects need one thing, some others, etc. etc. This is way too much work,
way too risky as it stands now.
It will hurt adoption for sure.
Just in my case, my simple CI is completely broken and I spent >25 hours so far
trying to fix it.
Think about the work this makes many, many people do unnecessarily.
> New encrypted passwords prevent maven from building projects
> ------------------------------------------------------------
>
> Key: MNG-8417
> URL: https://issues.apache.org/jira/browse/MNG-8417
> Project: Maven
> Issue Type: Bug
> Components: Settings
> Affects Versions: 4.0.0-beta-5, 4.0.0-rc-1
> Reporter: Lenny Primak
> Priority: Blocker
>
> When settings.xml contains new-style encrypted passwords, maven will not
> build unless it can decrypt the password.
> The use case is that the passwords are used only for deployment, while 99% of
> the use cases don't require the passwords.
> This forces the users to have to have secure environment variables or other
> ways to get the master password at all times, enhancing security risks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
