On Fri, 26 Apr 2024 11:30:24 GMT, Jaikiran Pai <j...@openjdk.org> wrote:

> Adding `-L` (follow redirects) to unconditionally follow redirects doesn't 
> look right to me. I think, one would want to know, during the build process, 
> if any URLs that are in use (like this one) have changed their location and 
> then decide if the build script should be updated to point to the new URL. 
> I'll let the build team decide if this is OK to change. I don't know anything 
> about the server (Maven mirror?) you are using that's generating this 
> redirect, to suggest a workaround.

The script already falls back on wget if curl isn't found and that will AFAIK 
follow redirects by default. If we want to secure the download, we should add 
checksums in the script for each jar being downloaded. I don't think 
inconveniencing the download is the right approach for improving security.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/18965#issuecomment-2079313636
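
The checksum approach suggested in the message above, as an added example that is not part of the original message or of the JDK build script. The function names, the `.part` temp-file suffix and any URL or digest a caller passes in are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: download a jar (redirects allowed) and accept it only if it
# matches a SHA-256 pinned in the script. All names here are hypothetical.

# Print the lowercase hex SHA-256 of a file using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d ' ' -f 1
    else
        echo "no SHA-256 tool found" >&2
        return 2
    fi
}

# verify_sha256 FILE EXPECTED: return 0 only if the digests match.
verify_sha256() {
    actual=$(sha256_of "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # An unreadable file yields an empty digest, which must never match.
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# fetch_verified URL DEST EXPECTED: download to a temp file, following
# redirects with either tool, and move it into place only after it verifies.
fetch_verified() {
    url=$1 dest=$2 want=$3
    tmp="$dest.part"
    if command -v curl >/dev/null 2>&1; then
        curl -fsSL -o "$tmp" "$url" || { rm -f "$tmp"; return 1; }
    else
        # wget follows redirects by default.
        wget -q -O "$tmp" "$url" || { rm -f "$tmp"; return 1; }
    fi
    if verify_sha256 "$tmp" "$want"; then
        mv "$tmp" "$dest"
    else
        echo "checksum mismatch for $url" >&2
        rm -f "$tmp"
        return 1
    fi
}
```

Because the digest is checked after the transfer, a redirect to a different host changes nothing about what the build accepts: content that does not match the pinned value never reaches `DEST`.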