Sean Owen created SPARK-2879:
--------------------------------
Summary: Use HTTPS to access Maven Central and other repos
Key: SPARK-2879
URL: https://issues.apache.org/jira/browse/SPARK-2879
Project: Spark
Issue Type: Improvement
Components: Build
Affects Versions: 1.0.1
Reporter: Sean Owen
Priority: Minor
Maven Central has just now enabled HTTPS access for everyone to Maven Central
(http://central.sonatype.org/articles/2014/Aug/03/https-support-launching-now/)
This is timely, as a reminder of how easily an attacker can slip malicious code
into a build that's downloading artifacts over HTTP
(http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/).
In the meantime, it looks like the Spring repo also now supports HTTPS, so can
be used this way too.
I propose to use HTTPS to access these repos.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
