[
https://issues.apache.org/jira/browse/MNG-5689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16411763#comment-16411763
]
Christopher Tubbs commented on MNG-5689:
----------------------------------------
Essentially, what I'm trying to do is avoid downloading corrupt artifacts from
a Maven Central mirror. I can configure the mirror, but I currently have no way
to set a strict checksum policy.
If there's an existing way to set the checksum policy for artifacts downloaded
from a mirror, then there's no need for what I'm suggesting.
> Checksum policy for mirrors
> ---------------------------
>
> Key: MNG-5689
> URL: https://issues.apache.org/jira/browse/MNG-5689
> Project: Maven
> Issue Type: Improvement
> Components: Settings
> Affects Versions: 3.2.3
> Reporter: Christopher Tubbs
> Priority: Major
> Labels: security-issue
>
> It does not appear that there is any way to configure a checksum policy for
> mirrors in the settings.xml file.
> In particular, I'd love to enforce a "strict" checksum policy on maven
> central. I can configure a mirrorOf central, but I cannot set the checksum
> policy. This seems like a big oversight.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
