[
https://issues.apache.org/jira/browse/MINSTALL-133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15720285#comment-15720285
]
ASF GitHub Bot commented on MINSTALL-133:
-----------------------------------------
GitHub user nhojpatrick opened a pull request:
https://github.com/apache/maven-plugins/pull/97
MINSTALL-133 createChecksum default true
Patch for https://issues.apache.org/jira/browse/MINSTALL-133
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/nhojpatrick/maven-plugins
bugfix/MINSTALL-133-createChecksum-true
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/maven-plugins/pull/97.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #97
----
commit d5ea2a8b57a9b212ba35728448fc0a4e2321fb66
Author: John Patrick <[email protected]>
Date: 2016-12-04T17:23:42Z
MINSTALL-133 createChecksum default true
----
> Take Security More Seriously - Checksum by default
> --------------------------------------------------
>
> Key: MINSTALL-133
> URL: https://issues.apache.org/jira/browse/MINSTALL-133
> Project: Maven Install Plugin
> Issue Type: Bug
> Components: install:install, install:install-file
> Affects Versions: 2.5.2
> Reporter: John Patrick
>
> I believe that a default of createChecksum being false is bad practice and a
> checksum should always being produced.
> Maven doesn't appear to have a guide so I'm looking towards the main apache
> guide i.e. https://www.apache.org/dev/release-signing.html
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
