elharo commented on code in PR #680: URL: https://github.com/apache/maven-site/pull/680#discussion_r1949718990
########## content/apt/guides/mini/guide-encryption.apt: ##########
@@ -83,6 +83,8 @@ mvn --encrypt-master-password <password> </settingsSecurity> +------------------------------------+ + <The encrypted version of the master password is encrypted with a {{{https://github.com/apache/maven/blob/fe25a2627c1dafeb44188dad9f45dfd5fe965a98/maven-embedder/src/main/java/org/apache/maven/cli/MavenCli.java#L856}hardcoded key}}, so please treat it as if the password is stored in the file in plain text.>

Review Comment:
Also, this really looks like a bug we need to fix instead of documenting. I suspect whoever wrote this code incorrectly thought the data was being encrypted. It's surprising that they used "settings.security" as the password. Hard to believe that was intended.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at: us...@infra.apache.org
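
Review bot: The sentence added after the `</settingsSecurity>` example opens with "The encrypted version of the master password is encrypted with a hardcoded key", which reads as if the value were encrypted twice, and it refers to "the file" without naming it. Suggest rewording along the lines of "The master password is encrypted with a hardcoded key, so treat this file as if it stored the password in plain text", and adding what the reader should do about it, for example restricting read access to that file. The link is pinned to a commit and line (`MavenCli.java#L856`), which keeps it stable, but the guide then describes one revision of the code; stating which Maven versions the warning applies to would keep it accurate if the behaviour changes.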