jira-importer opened a new issue, #196: URL: https://github.com/apache/maven-jar-plugin/issues/196
**[Laurent Goujon](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=laurentgo)** opened **[MJAR-309](https://issues.apache.org/jira/browse/MJAR-309?redirect=false)** and commented When a new modular jar file is generated with `maven-jar-plugin` with Java 11, the final permissions of the file are restricted to the current user instead of using the environment umask which usually allows for group and other users to access the file as well. This is caused by the use of `Files#createTempFile()` in `plexus-archiver` to rewrite the original jar file. The method has a restrictive file permission model for security reason but as the temporary file is generated next to the original jar file, and there's no sensitive reason to restrict its access, the restrictive file permission should not be needed. The change of permissions causes some issues in some build environment like Github Actions for example (used by Apache Arrow. See https://github.com/apache/arrow/pull/41309 for details) Issue has been reported to `plexus-archiver` as https://github.com/codehaus-plexus/plexus-archiver/issues/332 with a [fix](https://github.com/codehaus-plexus/plexus-archiver/pull/333) being merged in the project's master branch --- **Affects:** 3.4.1 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
