[
https://issues.apache.org/jira/browse/MNG-8417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17904273#comment-17904273
]
Tamas Cservenak commented on MNG-8417:
--------------------------------------
Well, exactly as you mention: one need to bite the bullet (clean up settings
for stale stuff) as mvn3 was very forgiving in this respect. Also, in case of
progress you do need break few things. And here, it is not "breaking" things,
just enforcing "they work" (or in other words, cleaning up the piled up stale
things). I understand your frustration, just like when we did "warn for plugins
using deprecated apis" and people were like "this was working for 10 years and
now it warns me!" ... well, yes, the fact it worked for 10 years is great, but
we need to move from this "status quo"...
> New encrypted passwords prevent maven from building projects
> ------------------------------------------------------------
>
> Key: MNG-8417
> URL: https://issues.apache.org/jira/browse/MNG-8417
> Project: Maven
> Issue Type: Bug
> Components: Settings
> Affects Versions: 4.0.0-beta-5, 4.0.0-rc-1
> Reporter: Lenny Primak
> Priority: Blocker
>
> When settings.xml contains new-style encrypted passwords, maven will not
> build unless it can decrypt the password.
> The use case is that the passwords are used only for deployment, while 99% of
> the use cases don't require the passwords.
> This forces the users to have to have secure environment variables or other
> ways to get the master password at all times, enhancing security risks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
