[ https://issues.apache.org/jira/browse/CONNECTORS-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17552069#comment-17552069 ]
PJ Fanning edited comment on CONNECTORS-1716 at 6/9/22 9:19 AM: ---------------------------------------------------------------- [~kwri...@metacarta.com] https://github.com/apache/manifoldcf/pull/121 The reason not to use http in the build is that malicious actors could spoof the maven repo and you could end up building with a hacked version of the third party lib. was (Author: pj.fanning): [~kwri...@metacarta.com] https://github.com/apache/manifoldcf/pull/121 > should not use http to download artifacts (need https) > ------------------------------------------------------ > > Key: CONNECTORS-1716 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1716 > Project: ManifoldCF > Issue Type: Bug > Reporter: PJ Fanning > Assignee: Karl Wright > Priority: Major > > build.xml has a number of insecure http URLs > the nexus one is a special problem because the https equivalent has the wrong > SSL cert - see https://maven.nuxeo.com/ -- This message was sent by Atlassian Jira (v8.20.7#820007)