[jira] [Created] (TAVERNA-1029) Avoid insecure http Maven repositories

Stian Soiland-Reyes (JIRA) Mon, 08 Jan 2018 06:22:25 -0800

Stian Soiland-Reyes created TAVERNA-1029:
--------------------------------------------


             Summary: Avoid insecure http Maven repositories
                 Key: TAVERNA-1029
                 URL: https://issues.apache.org/jira/browse/TAVERNA-1029
             Project: Apache Taverna
          Issue Type: Bug
          Components: Taverna Maven Parent
    Affects Versions: parent 2
            Reporter: Stian Soiland-Reyes
            Assignee: Stian Soiland-Reyes
             Fix For: parent 3


We should not depend on http Maven repositories like 
http://repository.springsource.com/maven/bundles/release - for security reasons 
only https should be used for downloading software.

https://repo.spring.io/release and https://repo.spring.io/milestone (e.g. 
https://repo.spring.io/milestone/org/springframework/osgi/spring-osgi-annotation/2.0.0.M1/)
 seems to replace the older repository.springsource.com - and dependencies from 
bundles/external (e.g. com.springsource.org.jdom) seem to be in 
https://jcenter.bintray.com/



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (TAVERNA-1029) Avoid insecure http Maven repositories

Reply via email to