[
https://issues.apache.org/jira/browse/GERONIMO-3969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12590754#action_12590754
]
Jacek Laskowski commented on GERONIMO-3969:
-------------------------------------------
Although I have almost no experience as far as maven plugins go yet I'm leaning
towards Brill's point of view. I consider settings.xml file a global registry
of user settings. The settings.xml file's documentation page -
http://maven.apache.org/ref/2.0.8/maven-settings/settings.html reads:
"This is a reference for the user-specific configuration for Maven."
So, I can envision that when a project uses Geronimo a developer could
configure it differently with properties (as Dave pointed out) or <server>
stanza. Although <server> stanza is used for wagon-based plugins (deploy and
such) we could borrow some ideas from it to let people use it for Geronimo too.
If they don't it quickly becomes a dead code and we'll whack it. It should be
pretty easy to implement and I'd bet there're people out there who'd like to
contribute to Geronimo and that would be an excellent task to get started with.
BTW, Dave, why are you so worried that we could potentially overuse <server>
stanza?
> maven2 module goals should use standard server definitions.
> -----------------------------------------------------------
>
> Key: GERONIMO-3969
> URL: https://issues.apache.org/jira/browse/GERONIMO-3969
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: car-maven-plugin, geronimo-maven-plugin
> Affects Versions: 2.1
> Environment: Geronimo 2.1
> Reporter: Brill Pappin
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> The maven 2 geronimo plugins should be using the server definitions that are
> usually entered in the settings.xml file.
> However it appears that I have to add the administrators username and
> password to the plugin definition, which in turn means that some highly
> secured information will get checked into source control.
> If it does userthe server definitions, then that fact is not documented on
> the plugin site (that I could find). located at:
> http://geronimo.apache.org/maven/server/maven-plugins/geronimo-maven-plugin/plugin-info.html
> I hesitate to call this a bug because it may still work, but its darn close
> because of the security implications (in my case it makes it unusable).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
