[
https://issues.apache.org/jira/browse/MPOM-118?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15303659#comment-15303659
]
Christopher Tubbs commented on MPOM-118:
----------------------------------------
I meant, in case they are already specifying gpgArguments options that they'd
want in addition to this one. Specifying the append option will mean that their
arguments won't override this one, but instead will be appended to it (as
additional parameters to the gpg command line), unless they really do want to
override, in which case, they can do so with {{combine.self="override"}}.
> Enforce strong GPG signatures by default
> ----------------------------------------
>
> Key: MPOM-118
> URL: https://issues.apache.org/jira/browse/MPOM-118
> Project: Maven POMs
> Issue Type: Improvement
> Components: asf
> Affects Versions: ASF-17
> Reporter: Christopher Tubbs
> Fix For: ASF-19
>
>
> maven-gpg-plugin configuration could be improved a bit so that ASF releases
> are not weakened by a user's weak personal configuration.
> I suggest adding something like the following to maven-gpg-plugin's
> configuration in the pluginManagement section:
> {code:xml}
> <gpgArguments combine.children="append">
> <arg>--digest-algo=SHA512</arg>
> </gpgArguments>
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
