kwin commented on code in PR #680:
URL: https://github.com/apache/maven-site/pull/680#discussion_r1949564540
##########
content/apt/guides/mini/guide-encryption.apt:
##########
@@ -83,6 +83,8 @@ mvn --encrypt-master-password <password>
</settingsSecurity>
+------------------------------------+
+ <The encrypted version of the master password is encrypted with a
{{{https://github.com/apache/maven/blob/fe25a2627c1dafeb44188dad9f45dfd5fe965a98/maven-embedder/src/main/java/org/apache/maven/cli/MavenCli.java#L856}hardcoded
key}}, so please treat it as if the password is stored in the file in plain
text.>
Review Comment:
I don't think this PR is the proper place to discuss impl details, but you
are looking at the wrong version of it. Maven 3.x uses 2.0
(https://github.com/apache/maven/blob/fe25a2627c1dafeb44188dad9f45dfd5fe965a98/pom.xml#L144):
https://github.com/codehaus-plexus/plexus-cipher/blob/plexus-cipher-2.0/src/main/java/org/sonatype/plexus/components/cipher/PlexusCipher.java
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
