[
https://issues.apache.org/jira/browse/MNG-5689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17255142#comment-17255142
]
Michael Osipov commented on MNG-5689:
-------------------------------------
Marking as wontfix-candidate. Default checksum policy is now strict. Maven
Central will be soon moved out of Core and you can beĀ configured whatever you
want: [https://github.com/apache/maven/pull/419.] Do we still need this?
> Checksum policy for mirrors
> ---------------------------
>
> Key: MNG-5689
> URL: https://issues.apache.org/jira/browse/MNG-5689
> Project: Maven
> Issue Type: Improvement
> Components: Settings
> Affects Versions: 3.2.3
> Reporter: Christopher Tubbs
> Priority: Major
> Labels: security-issue
> Fix For: Issues to be reviewed for 4.x, wontfix-candidate
>
>
> It does not appear that there is any way to configure a checksum policy for
> mirrors in the settings.xml file.
> In particular, I'd love to enforce a "strict" checksum policy on maven
> central. I can configure a mirrorOf central, but I cannot set the checksum
> policy. This seems like a big oversight.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
