[ https://issues.apache.org/jira/browse/MINSTALL-133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15720285#comment-15720285 ]
ASF GitHub Bot commented on MINSTALL-133: ----------------------------------------- GitHub user nhojpatrick opened a pull request: https://github.com/apache/maven-plugins/pull/97 MINSTALL-133 createChecksum default true Patch for https://issues.apache.org/jira/browse/MINSTALL-133 You can merge this pull request into a Git repository by running: $ git pull https://github.com/nhojpatrick/maven-plugins bugfix/MINSTALL-133-createChecksum-true Alternatively you can review and apply these changes as the patch at: https://github.com/apache/maven-plugins/pull/97.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #97 ---- commit d5ea2a8b57a9b212ba35728448fc0a4e2321fb66 Author: John Patrick <nhoj.patr...@gmail.com> Date: 2016-12-04T17:23:42Z MINSTALL-133 createChecksum default true ---- > Take Security More Seriously - Checksum by default > -------------------------------------------------- > > Key: MINSTALL-133 > URL: https://issues.apache.org/jira/browse/MINSTALL-133 > Project: Maven Install Plugin > Issue Type: Bug > Components: install:install, install:install-file > Affects Versions: 2.5.2 > Reporter: John Patrick > > I believe that a default of createChecksum being false is bad practice and a > checksum should always being produced. > Maven doesn't appear to have a guide so I'm looking towards the main apache > guide i.e. https://www.apache.org/dev/release-signing.html -- This message was sent by Atlassian JIRA (v6.3.4#6332)