We often joke about 'Maven downloading the internet', but how often are we concerned about what is actually downloaded? I've written some thoughts (http://branchandbound.net/blog/security/2012/03/crossbuild-injection-how-safe-is-your-build/) on cross-build injection attacks, where malicious code could be injected into a build.
What do you guys do in practice to prevent this? Does anyone have real-life experience with such an attack?

Regards,
Sander
