[
https://issues.apache.org/jira/browse/MGPG-137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17883817#comment-17883817
]
Tamas Cservenak commented on MGPG-137:
--------------------------------------
Is not safer at all, "encryption" is really just obfuscation by obscurity,
moreover, that "encryption" is even broken (as can be seen from plexus-cipher
changes).
> Un-deprecate passphraseServerId
> -------------------------------
>
> Key: MGPG-137
> URL: https://issues.apache.org/jira/browse/MGPG-137
> Project: Maven GPG Plugin
> Issue Type: Bug
> Affects Versions: 3.2.5
> Reporter: Lenny Primak
> Priority: Major
>
> IMHO this parameter has been deprecated in error.
> It is used to referenced the "server" field in settings.xml, where
> passphrases are stored in an encrypted fashion. This is actually safer than
> setting clear-text passwords in environment variables in practice.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
