[
https://jira.codehaus.org/browse/MGPG-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=276634#comment-276634
]
Stephen Connolly commented on MGPG-31:
--------------------------------------
The correct way to handle this is to use an agent ideally integrated with the
OS.
However, I have seen enough people who don't take the security of their GPG
keys religiously. So just because there are people who think that the right
thing is never to leave your passphrase on any disk in a reversible encryption,
does not mean that we cannot support those who feel comfortable with the
(hopefully educated) risk.
If somebody has a patch with test cases...
> Integrate w/ Maven password encryption to avoid need to type passphrase
> -----------------------------------------------------------------------
>
> Key: MGPG-31
> URL: https://jira.codehaus.org/browse/MGPG-31
> Project: Maven 2.x GPG Plugin
> Issue Type: Improvement
> Affects Versions: 1.1
> Environment: JDK 6u21, Ubuntu, Maven 3.0 RC1
> Reporter: Jesse Glick
> Priority: Minor
> Labels: contributers-welcome
> Fix For: 1.4
>
>
> It is cumbersome to be prompted for a passphrase during both release:prepare
> and release:perform:
> {noformat}
> [INFO] --- maven-gpg-plugin:1.1:sign (sign-artifacts) @ nbm-maven-plugin
> ---
> GPG Passphrase: *
> {noformat}
> I already use http://maven.apache.org/guides/mini/guide-encryption.html (with
> a master password on an Ubuntu encrypted filesystem) so why do I need to type
> this pass phrase each time too?
> Not clear to me whether MGPG-30 already permits this. In any event, the
> plugin documentation does not seem to mention this as a use case.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
