On 15 January 2014 18:55, <[email protected]> wrote: > Author: ggregory > Date: Wed Jan 15 18:55:09 2014 > New Revision: 1558509 > > URL: http://svn.apache.org/r1558509 > Log: > Feed the password to Maven through the CLI > > Modified: > httpcomponents/project-release-tools/trunk/build.gradle > > Modified: httpcomponents/project-release-tools/trunk/build.gradle > URL: > http://svn.apache.org/viewvc/httpcomponents/project-release-tools/trunk/build.gradle?rev=1558509&r1=1558508&r2=1558509&view=diff > ============================================================================== > --- httpcomponents/project-release-tools/trunk/build.gradle (original) > +++ httpcomponents/project-release-tools/trunk/build.gradle Wed Jan 15 > 18:55:09 2014 > @@ -247,7 +247,8 @@ if (rcTagFile.exists() && rcRevisionFile > String name = getProductName(artifactId) > > println "Deploying ${name} ${releaseVer} based on > ${rcQualifier}" > - mvn.exec(checkoutRC.localDir, 'deploy', '-Prelease', > '-Dmaven.test.skip=true') > + mvn.exec(checkoutRC.localDir, 'deploy', '-Prelease', > '-Dmaven.test.skip=true',
Could be just -DskipTests > + '-Dgpg.passphrase=' + project.ext.'signing.password') I think it is risky to insist that the password is passed in on the command line, as it is easy to sniff on a shared system. Current RMs I'm sure are aware of the risks, but I don't think this should be left like this for ever - it sets a bad example. I'm fairly sure it is not necessary - it should be possible to use gpg-agent. At the very least, the password should be optional (i.e. only pass it if it is actually provided). But better not to encourage risky behaviour. > } > } > > >
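
Review bot: The added `'-Dgpg.passphrase=' + project.ext.'signing.password'` argument in the `mvn.exec(...)` call puts the signing passphrase into the Maven process's argument list, where any other local account can read it from a process listing for as long as the deploy runs, and where it can also end up in build logs that echo the command. The argument is appended unconditionally, so a release manager who signs through gpg-agent cannot leave it out. Suggest building the argument list first and appending the `-Dgpg.passphrase=` entry only when `signing.password` is actually set, with gpg-agent as the documented default. A comment next to the call explaining why the passphrase is optional would keep the next editor from making it mandatory again.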
