As you know, Maven Central has become an increasingly important resource for the development community at large. We've put several efforts forward earlier this year to help improve the content quality and to reduce the time required to get artifacts into the repository. These have matured over time and are now automatically validating artifacts. These processes are documented at [1] and [2]
Earlier this year, we stopped accepting new feeds via Rsync and Svn[3]. The current rsyncs and svn imports will be maintained through the end of the year, at which point they will be disabled. Please look to migrate your projects to an approved forge[1]. We're at over 120gb worth of open source artifacts and metadata. As the popularity and amount of content increases, so does the incentive for attacking the system and pollute the contents. Over recent months, scanning and other attempts at intrusion have increased to an unacceptable level. This, combined with the fact that the process for managing inbound data is external to Central, we have decided to take some steps to secure the systems. We now have a staging location hosted on a separate machine where all the artifacts are collected, analyzed and then pushed to the live system. This serves to gate the access and allow validation of artifacts before they hit the public urls. It also means we have a hot backup should something happen to the primary machine. In addition to having multiple checkpoints for the artifacts to pass through, and to further secure the systems from the constant brute force attempts, we have shut off all external access to the systems, except for http over port 80. In addition to securing the systems and data, we have worked with Contegix to provision two new machines in their UK location. These are official mirrors of Central and updated at the same rate as repo1. The public url to access these mirrors will be announced next week. We anticipate providing additional mirrors in Asia/Australia within the next 6 months. We've also created a new Jira project to manage any and all concerns and issues with Central, the Mirrors, Content, etc[4] Thanks, Brian [1] https://docs.sonatype.org/display/Repository/Sonatype+OSS+Maven+Repository+Usage+Guide [2] https://docs.sonatype.org/display/Repository/Uploading+3rd-party+Artifacts+to+Maven+Central [3] http://maven.apache.org/guides/mini/guide-central-repository-upload.html [4] https://issues.sonatype.org/browse/MVNCENTRAL
