I see a massive headache incoming doing this. Is there a middle ground
we can encourage people to use that isn't going to break everyone
downstream?
Can we make some recommendations to clients about how to use HTTPS
instead of HTTP access to avoid the MITM attack (which I assume is the
primary reason for suggesting the update).
On 8/17/2014 4:57 PM, Sean Busbey wrote:
Now that Maven has released version 3.2.3 to default HTTPS access to maven
central, anyone have an objection to updating our enforcer rules to require
it?
http://maven.apache.org/docs/3.2.3/release-notes.html
