Skip to content

[MNG-8379] Decrypt all of settings on building it#1913

Merged
cstamas merged 6 commits intoapache:masterfrom
cstamas:MNG-8379
Nov 16, 2024
Merged

[MNG-8379] Decrypt all of settings on building it#1913
cstamas merged 6 commits intoapache:masterfrom
cstamas:MNG-8379

Conversation

@cstamas
Copy link
Member

@cstamas cstamas commented Nov 15, 2024
edited
Loading

The decryption should happen transparently, also, resolver should not decrypt for itself only, whole maven should have access to all.

This PR also disables Maven 3.0 IT MNG-4459 as Maven4 stops with this "security through obscurity" (keep encrypted pw in memory kinda for "security reasons" but in reality any mojo or extension can decrypt anything they want).

https://issues.apache.org/jira/browse/MNG-8379

@cstamas
[MNG-8379] Decrypt all of settings on building it
e2fd914 
The decryption should happen transparently, also, resolver
should not decrypt for itself only, whole maven should have
access to all.

---

https://issues.apache.org/jira/browse/MNG-8379
@cstamas cstamas requested a review from gnodet November 15, 2024 12:30
@cstamas cstamas self-assigned this Nov 15, 2024
@cstamas cstamas marked this pull request as ready for review November 15, 2024 15:07
@cstamas cstamas added this to the 4.0.0-beta-6 milestone Nov 15, 2024
@cstamas
Copy link
Member Author

cstamas commented Nov 15, 2024

LGTM! Thanks!

@cstamas cstamas merged commit 1614226 into apache:master Nov 16, 2024
@cstamas cstamas deleted the MNG-8379 branch November 16, 2024 13:55
@jira-importer
Copy link

jira-importer commented Jul 7, 2025

Resolve #9475

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gnodet gnodet gnodet approved these changes

Assignees

@cstamas cstamas

Labels

None yet

Projects

None yet

Milestone

4.0.0-rc-1

Development

Successfully merging this pull request may close these issues.

3 participants

@cstamas @jira-importer @gnodet