[ https://issues.apache.org/jira/browse/MPOM-118?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15304712#comment-15304712 ]
Christopher Tubbs commented on MPOM-118: ---------------------------------------- Okay. Deferring to individual projects makes sense. The default is {{combine.children="merge"}}. I'm actually not too sure how that one works for List types and haven't tested it in this circumstance. But, hopefully, such cases will still benefit from this change. > Enforce strong GPG signatures by default > ---------------------------------------- > > Key: MPOM-118 > URL: https://issues.apache.org/jira/browse/MPOM-118 > Project: Maven POMs > Issue Type: Improvement > Components: asf > Affects Versions: ASF-17 > Reporter: Christopher Tubbs > Fix For: ASF-19 > > > maven-gpg-plugin configuration could be improved a bit so that ASF releases > are not weakened by a user's weak personal configuration. > I suggest adding something like the following to maven-gpg-plugin's > configuration in the pluginManagement section: > {code:xml} > <gpgArguments combine.children="append"> > <arg>--digest-algo=SHA512</arg> > </gpgArguments> > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)