[ https://issues.apache.org/jira/browse/MNG-5689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17255142#comment-17255142 ]
Michael Osipov commented on MNG-5689: ------------------------------------- Marking as wontfix-candidate. Default checksum policy is now strict. Maven Central will be soon moved out of Core and you can beĀ configured whatever you want: [https://github.com/apache/maven/pull/419.] Do we still need this? > Checksum policy for mirrors > --------------------------- > > Key: MNG-5689 > URL: https://issues.apache.org/jira/browse/MNG-5689 > Project: Maven > Issue Type: Improvement > Components: Settings > Affects Versions: 3.2.3 > Reporter: Christopher Tubbs > Priority: Major > Labels: security-issue > Fix For: Issues to be reviewed for 4.x, wontfix-candidate > > > It does not appear that there is any way to configure a checksum policy for > mirrors in the settings.xml file. > In particular, I'd love to enforce a "strict" checksum policy on maven > central. I can configure a mirrorOf central, but I cannot set the checksum > policy. This seems like a big oversight. -- This message was sent by Atlassian Jira (v8.3.4#803005)