[
https://issues.apache.org/jira/browse/MNG-8424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
James Nord updated MNG-8424:
----------------------------
Description:
when using maven3 encrypted passwords with Maven 4 at the start of *{*}any{*}*
build you are met with many warnings (one for each encrypted password).
The warning is overly aggressive and implies things are not working (because it
is a "problem").
As for a while users will need to swap between maven 3 and maven 4 the warning
should be reduced to an INFO, otherwise users may end up breaking their maven3
setup.
The warnings also seem to be duplicates.
{code:java}
❯ mvn validate
[WARNING]
[WARNING] Some problems were encountered while building the effective settings
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING]
[WARNING]
[WARNING] Some problems were encountered while building the effective settings
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING]
[INFO] Scanning for projects...
[INFO]
{code}
"Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4"
implies the current password is not compatable with Maven4.
However it is not the case, as maven can successfully decrypt the password
(otherwise you get a different issue)
h3. Steps to Reproduce
Setup maven3 with a settings file and several server entries with valid
encrypted passwords
run a build with maven4
h3. Expected Results
an info level message suggesting you migrate to maven4 encryption style iff you
no longer need compatibility with maven3.
NB: some future (not initial) maven 4 version can change to this to a warning
saying it is deprecated and to be removed
h3. Actual Results
see warnings above
was:
when using maven3 encrypted passwords with Maven 4 at the start of **any**
build you are met with many warnings (one for each encrypted password).
The warning is overly aggressive and implies things are not working (because it
is a "problem").
As for a while users will need to swap between maven 3 and maven 4 the warning
should be reduced to an INFO, otherwise users may end up breaking their maven3
setup.
The warnings also seem to be duplicates.
{code:java}
❯ mvn validate
[WARNING]
[WARNING] Some problems were encountered while building the effective settings
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING]
[WARNING]
[WARNING] Some problems were encountered while building the effective settings
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING] Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4. @
C:\Users\jnord\.m2\settings.xml
[WARNING]
[INFO] Scanning for projects...
[INFO]
{code}
"Pre-Maven 4 legacy encrypted password detected - configure password
encryption with the help of mvnenc to be compatible with Maven 4"
implies the current password is not compatable with Maven4.
However it is not the case, as maven can successfully decrypt the password
(otherwise you get a different issue)
h3. Steps to Reproduce
Setup maven3 with a settings file and several server entries with valid
encrypted passwords
run a build with maven4
h3. Expected Results
and info level message suggesting you migrate to maven4 encryption style if you
no longer need compatability with maven3.
NB: some future (not initial) maven 4 version can change to this to a warning
saying it is deprecated and to be removed
h3. Actual Results
see warnings above
> warning about maven3 passwords is too aggressive
> ------------------------------------------------
>
> Key: MNG-8424
> URL: https://issues.apache.org/jira/browse/MNG-8424
> Project: Maven
> Issue Type: Bug
> Affects Versions: 4.0.0-rc-1
> Reporter: James Nord
> Priority: Major
> Fix For: 4.0.0-rc-2
>
>
> when using maven3 encrypted passwords with Maven 4 at the start of
> *{*}any{*}* build you are met with many warnings (one for each encrypted
> password).
> The warning is overly aggressive and implies things are not working (because
> it is a "problem").
> As for a while users will need to swap between maven 3 and maven 4 the
> warning should be reduced to an INFO, otherwise users may end up breaking
> their maven3 setup.
> The warnings also seem to be duplicates.
> {code:java}
> ❯ mvn validate
> [WARNING]
> [WARNING] Some problems were encountered while building the effective settings
> [WARNING] Pre-Maven 4 legacy encrypted password detected - configure
> password encryption with the help of mvnenc to be compatible with Maven 4. @
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected - configure
> password encryption with the help of mvnenc to be compatible with Maven 4. @
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected - configure
> password encryption with the help of mvnenc to be compatible with Maven 4. @
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected - configure
> password encryption with the help of mvnenc to be compatible with Maven 4. @
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected - configure
> password encryption with the help of mvnenc to be compatible with Maven 4. @
> C:\Users\jnord\.m2\settings.xml
> [WARNING]
> [WARNING]
> [WARNING] Some problems were encountered while building the effective settings
> [WARNING] Pre-Maven 4 legacy encrypted password detected - configure
> password encryption with the help of mvnenc to be compatible with Maven 4. @
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected - configure
> password encryption with the help of mvnenc to be compatible with Maven 4. @
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected - configure
> password encryption with the help of mvnenc to be compatible with Maven 4. @
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected - configure
> password encryption with the help of mvnenc to be compatible with Maven 4. @
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected - configure
> password encryption with the help of mvnenc to be compatible with Maven 4. @
> C:\Users\jnord\.m2\settings.xml
> [WARNING]
> [INFO] Scanning for projects...
> [INFO]
>
> {code}
> "Pre-Maven 4 legacy encrypted password detected - configure password
> encryption with the help of mvnenc to be compatible with Maven 4"
> implies the current password is not compatable with Maven4.
> However it is not the case, as maven can successfully decrypt the password
> (otherwise you get a different issue)
> h3. Steps to Reproduce
> Setup maven3 with a settings file and several server entries with valid
> encrypted passwords
> run a build with maven4
> h3. Expected Results
> an info level message suggesting you migrate to maven4 encryption style iff
> you no longer need compatibility with maven3.
> NB: some future (not initial) maven 4 version can change to this to a warning
> saying it is deprecated and to be removed
> h3. Actual Results
> see warnings above
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
