I think the idea of having the plain-text password in the release.properties file is dangerous enough. Do you think it will be ok to just remove it, then always ask for a password during the release?
On Thu, Apr 24, 2008 at 11:54 AM, Wendy Smoak <[EMAIL PROTECTED]> wrote: > On Thu, Apr 24, 2008 at 11:43 AM, Rahul Thakur > <[EMAIL PROTECTED]> wrote: > > Same thought. > > > > release.properties is a temporary file used by Maven; if for some > reason it > > persists, we can choose not to display its contents. > > Can we apply the filter only to Maven 2 projects? (A shell or ant > project might use that filename for something unrelated...) > > This only solves part of the problem, since if the file exists, anyone > with a project developer role could get to it and display it by adding > a shell project with a simple script.) > > What can we do to clean up better after a failed release? (It would > be manual, but does the rollback feature even work? IIRC it hung last > time I tried it.) > > -- > Wendy >
