[
https://issues.apache.org/jira/browse/CONNECTORS-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17552069#comment-17552069
]
PJ Fanning edited comment on CONNECTORS-1716 at 6/9/22 9:19 AM:
----------------------------------------------------------------
[~kwri...@metacarta.com] https://github.com/apache/manifoldcf/pull/121
The reason not to use http in the build is that malicious actors could spoof
the maven repo and you could end up building with a hacked version of the third
party lib.
was (Author: pj.fanning):
[~kwri...@metacarta.com] https://github.com/apache/manifoldcf/pull/121
> should not use http to download artifacts (need https)
> ------------------------------------------------------
>
> Key: CONNECTORS-1716
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1716
> Project: ManifoldCF
> Issue Type: Bug
> Reporter: PJ Fanning
> Assignee: Karl Wright
> Priority: Major
>
> build.xml has a number of insecure http URLs
> the nexus one is a special problem because the https equivalent has the wrong
> SSL cert - see https://maven.nuxeo.com/
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
