Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Auto Closed
-
ASF-9
-
None
-
None
Description
The apache-release profile contains the following settings:
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<configuration>
<passphrase>${gpg.passphrase}</passphrase>
<useAgent>true</useAgent>
</configuration>
This is bad, because it unconditionally forces the use of an agent which may not be appropriate for all use cases.
The code should use the relevant property, i.e.
<properties>
<gpg.useagent>true</gpg.useagent>
...
</properties>
...
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<configuration>
<passphrase>${gpg.passphrase}</passphrase>
<useAgent>${gpg.useagent}</useAgent>
</configuration>
This would still default to true, but would allow command-line override.