[
https://issues.apache.org/jira/browse/GERONIMO-3969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12590745#action_12590745
]
David Jencks commented on GERONIMO-3969:
----------------------------------------
To me, the use for the maven-deploy-plugin seems different in character to the
use in the tomcat-maven-plugin. For one thing all the possible settings
(file/directory permissions) are relevant. I'd prefer some confirmation from
maven developers that use of a server id would be appropriate here before
making any changes. Substitution properties are used quite a bit in the maven
builds, such as to specify the staging repo for plugin deployment.
> maven2 module goals should use standard server definitions.
> -----------------------------------------------------------
>
> Key: GERONIMO-3969
> URL: https://issues.apache.org/jira/browse/GERONIMO-3969
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: car-maven-plugin, geronimo-maven-plugin
> Affects Versions: 2.1
> Environment: Geronimo 2.1
> Reporter: Brill Pappin
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> The maven 2 geronimo plugins should be using the server definitions that are
> usually entered in the settings.xml file.
> However it appears that I have to add the administrators username and
> password to the plugin definition, which in turn means that some highly
> secured information will get checked into source control.
> If it does userthe server definitions, then that fact is not documented on
> the plugin site (that I could find). located at:
> http://geronimo.apache.org/maven/server/maven-plugins/geronimo-maven-plugin/plugin-info.html
> I hesitate to call this a bug because it may still work, but its darn close
> because of the security implications (in my case it makes it unusable).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
