[ https://issues.apache.org/jira/browse/MINSTALL-133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15720301#comment-15720301 ]
Robert Scholte commented on MINSTALL-133: ----------------------------------------- Even though that parameter is specified in this plugin, I think it belongs to the maven-deploy-plugin. IIRC that's also that's also he approach chosen by Aether/Maven Resolver. Not sure what its default is. > Take Security More Seriously - Checksum by default > -------------------------------------------------- > > Key: MINSTALL-133 > URL: https://issues.apache.org/jira/browse/MINSTALL-133 > Project: Maven Install Plugin > Issue Type: Bug > Components: install:install, install:install-file > Affects Versions: 2.5.2 > Reporter: John Patrick > > I believe that a default of createChecksum being false is bad practice and a > checksum should always being produced. > Maven doesn't appear to have a guide so I'm looking towards the main apache > guide i.e. https://www.apache.org/dev/release-signing.html -- This message was sent by Atlassian JIRA (v6.3.4#6332)