[
https://issues.apache.org/jira/browse/MRESOLVER-516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17831352#comment-17831352
]
ASF GitHub Bot commented on MRESOLVER-516:
------------------------------------------
cstamas commented on code in PR #448:
URL: https://github.com/apache/maven-resolver/pull/448#discussion_r1541070087
##########
maven-resolver-generator-gnupg/src/main/java/org/eclipse/aether/generator/gnupg/loaders/GpgConfLoader.java:
##########
@@ -52,12 +52,7 @@ public final class GpgConfLoader implements
GnupgSignatureArtifactGeneratorFacto
/**
* Maximum key size, see <a href="https://wiki.gnupg.org/LargeKeys";>Large
Keys</a>.
*/
- private static final long MAX_SIZE = 5 * 1024 + 1L;
-
- @Override
- public boolean isInteractive() {
- return false;
- }
+ private static final long MAX_SIZE = 16 * 1024 + 1L;
Review Comment:
See https://wiki.gnupg.org/LargeKeys
In other words, use Ed25519 key, and leave RSA ones (that are 60 times
slower as well) to oblivion. Btw, GnuPG 2.4.x (unsure here, maybe since 2.1, or
2.2 or 2.3?) _by default_ generates Ed25519 keys (unless explicitly asked for
RSA). The RSA keys are slowly being phased out.
> Align GPG signature generator
> -----------------------------
>
> Key: MRESOLVER-516
> URL: https://issues.apache.org/jira/browse/MRESOLVER-516
> Project: Maven Resolver
> Issue Type: Task
> Reporter: Tamas Cservenak
> Assignee: Tamas Cservenak
> Priority: Major
> Fix For: 2.0.0, 2.0.0-alpha-9
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
