[
https://jira.codehaus.org/browse/MRELEASE-766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=333663#comment-333663
]
Robert Scholte commented on MRELEASE-766:
-----------------------------------------
I've fixed MRELEASE-846, which means that both passwords and passphrases will
always be encrypted when possible. If there's no other idea or patch to improve
this, I'm going to close this as being superseded by MRELEASE-846
> release:prepare stores settings.xml in a public directory
> ---------------------------------------------------------
>
> Key: MRELEASE-766
> URL: https://jira.codehaus.org/browse/MRELEASE-766
> Project: Maven Release Plugin
> Issue Type: Bug
> Components: prepare
> Affects Versions: 2.2.2
> Reporter: Joseph Walton
>
> The fix for MRELEASE-577 involves copying {{settings.xml}} into a temporary
> directory. On a shared machine, it's possible that users have passwords
> configured in this file. Although they should probably have used
> {{settings-security.xml}} some will have set file permissions to prevent
> other users from reading their settings.
> If a build fails the file can be behind in /tmp.
> The copy should either be set to world-unreadable before any contents are
> written or created in a non-public location.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
