[ 
https://issues.apache.org/jira/browse/MNG-8424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak reassigned MNG-8424:
------------------------------------

    Assignee: Tamas Cservenak

> warning about maven3 passwords is too aggressive
> ------------------------------------------------
>
>                 Key: MNG-8424
>                 URL: https://issues.apache.org/jira/browse/MNG-8424
>             Project: Maven
>          Issue Type: Bug
>    Affects Versions: 4.0.0-rc-1
>            Reporter: James Nord
>            Assignee: Tamas Cservenak
>            Priority: Major
>             Fix For: 4.0.0-rc-2
>
>
> when using maven3 encrypted passwords with Maven 4 at the start of 
> *{*}any{*}* build you are met with many warnings (one for each encrypted 
> password).
> The warning is overly aggressive and implies things are not working (because 
> it is a "problem").
> As for a while users will need to swap between maven 3 and maven 4 the 
> warning should be reduced to an INFO, otherwise users may end up breaking 
> their maven3 setup.
> The warnings also seem to be duplicates.
> {code:java}
> ❯ mvn validate
> [WARNING]
> [WARNING] Some problems were encountered while building the effective settings
> [WARNING] Pre-Maven 4 legacy encrypted password detected  - configure 
> password encryption with the help of mvnenc to be compatible with Maven 4. @ 
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected  - configure 
> password encryption with the help of mvnenc to be compatible with Maven 4. @ 
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected  - configure 
> password encryption with the help of mvnenc to be compatible with Maven 4. @ 
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected  - configure 
> password encryption with the help of mvnenc to be compatible with Maven 4. @ 
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected  - configure 
> password encryption with the help of mvnenc to be compatible with Maven 4. @ 
> C:\Users\jnord\.m2\settings.xml
> [WARNING]
> [WARNING]
> [WARNING] Some problems were encountered while building the effective settings
> [WARNING] Pre-Maven 4 legacy encrypted password detected  - configure 
> password encryption with the help of mvnenc to be compatible with Maven 4. @ 
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected  - configure 
> password encryption with the help of mvnenc to be compatible with Maven 4. @ 
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected  - configure 
> password encryption with the help of mvnenc to be compatible with Maven 4. @ 
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected  - configure 
> password encryption with the help of mvnenc to be compatible with Maven 4. @ 
> C:\Users\jnord\.m2\settings.xml
> [WARNING] Pre-Maven 4 legacy encrypted password detected  - configure 
> password encryption with the help of mvnenc to be compatible with Maven 4. @ 
> C:\Users\jnord\.m2\settings.xml
> [WARNING]
> [INFO] Scanning for projects...
> [INFO]
>  
> {code}
> "Pre-Maven 4 legacy encrypted password detected  - configure password 
> encryption with the help of mvnenc to be compatible with Maven 4"
> implies the current password is not compatable with Maven4.
> However it is not the case, as maven can successfully decrypt the password 
> (otherwise you get a different issue)
> h3. Steps to Reproduce
> Setup maven3 with a settings file and several server entries with valid 
> encrypted passwords
> run a build with maven4
> h3. Expected Results
> an info level message suggesting you migrate to maven4 encryption style iff 
> you no longer need compatibility with maven3.
> NB: some future (not initial) maven 4 version can change to this to a warning 
> saying it is deprecated and to be removed
> h3. Actual Results
> see warnings above
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to