repo1.maven.org should support HTTPS and HTTP requests should be redirected to
HTTPS
------------------------------------------------------------------------------------
Key: MNG-5154
URL: https://jira.codehaus.org/browse/MNG-5154
Project: Maven 2 & 3
Issue Type: Bug
Reporter: Eric Rannaud
As "Java runs the Internet" (sic), and that "Maven is awesome" (sic again --
these are real quotes, google them), man-in-the-middle attacks that inject bad
code in downloaded JARs that are then happily and blindly executed on the
machines of the developers that build the software that runs the aforementioned
Internet without any authentication whatsoever is not a very good idea.
Once upon a time, when Maven was invented, back in 1985, there was an
understandable certain "naivete" when it came to such things as security. The
world was a happy place where no one tried to own developers' machines, because
nobody understood, yet, that developers' machines are the best way to distribute
malware all over the fricking place.
But this is 2011, a year that saw shiny new social networks redirect all HTTP
requests to HTTPS from day one, so I'm sure that now is a good time to
reconsider.
Thanks.