[
https://issues.apache.org/jira/browse/MRESOLVER-516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17831345#comment-17831345
]
ASF GitHub Bot commented on MRESOLVER-516:
------------------------------------------
cstamas commented on code in PR #448:
URL: https://github.com/apache/maven-resolver/pull/448#discussion_r1541070087
##########
maven-resolver-generator-gnupg/src/main/java/org/eclipse/aether/generator/gnupg/loaders/GpgConfLoader.java:
##########
@@ -52,12 +52,7 @@ public final class GpgConfLoader implements
GnupgSignatureArtifactGeneratorFacto
/**
* Maximum key size, see <a href="https://wiki.gnupg.org/LargeKeys";>Large
Keys</a>.
*/
- private static final long MAX_SIZE = 5 * 1024 + 1L;
-
- @Override
- public boolean isInteractive() {
- return false;
- }
+ private static final long MAX_SIZE = 16 * 1024 + 1L;
Review Comment:
See https://wiki.gnupg.org/LargeKeys
In other words, use Ed25519 key, and leave RSA ones (that are 60 times
slower as well) to oblivion. Btw, GnuPG 2.4.x (unsure here, maybe since 2.1?)
_by default_ generates Ed25519 keys (unless explicitly asked for RSA). The RSA
keys are slowly being phased out.
> Align GPG signature generator
> -----------------------------
>
> Key: MRESOLVER-516
> URL: https://issues.apache.org/jira/browse/MRESOLVER-516
> Project: Maven Resolver
> Issue Type: Task
> Reporter: Tamas Cservenak
> Assignee: Tamas Cservenak
> Priority: Major
> Fix For: 2.0.0, 2.0.0-alpha-9
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
