Le vendredi 27 juin 2014 17:36:17 Jason van Zyl a écrit : > On Jun 27, 2014, at 4:11 PM, Hervé BOUTEMY <[email protected]> wrote: > > Le vendredi 27 juin 2014 07:25:08 Jason van Zyl a écrit : > >> I've never seen those mirrors before. The Apache Maven PMC is a aware of > >> and collaborate with Sonatype on the canonical Maven Central and > >> collectively we would assert the content is valid. Anything else and > >> you're on your own. I honestly wouldn't use those mirrors. Maven Central > >> is currently served using a CDN which generally has edges not too far > >> away from you. > > > > -1 > > Really? Do you check the other mirrors? I don't think any of us do? We > should but we don't as far as I know. If it's an official mirror then > what's the standard? If someone goes "Hey, I want to be a mirror" and we > call them an official mirror and they fill it with malicious artifacts we > would be none the wiser. it's ASF mirror, with ASF policy, that works for more than Apache Maven
> > I at least know what happens with the current Maven Central machines, and > I'm reasonably assured of the security. Note I'm not affiliated with > Sonatype anymore, I just know they have a good IT staff. notice I'm affiliated with ASF and I know they have a good IT staff too: that does not mean that other organization don't have good IT staff But since it's Apache Maven, as member of Maven PMC, I just need to remember users that Apache dist area (with its mirrors) is the official Apache distribution area for any Apache project I know we have another good distribution space with central > > So I stand by my claim that I would not use anything but the primary because > there is no vetting process whatsoever. yes: primary = Apache dist (which contains signatures to check against to be sure that nothing wrong happened) Regards, Hervé > > apache.igor.onlinedirect.bg is an official Apache mirror [1] > > so this is an official source to download Maven > > > > I just tried and didn't have any problem: perhaps there was a > > synchronization issue > > in any case, you sould take time to check signature to verify nothing has > > been damaged > > > > Regards, > > > > Hervé > > > > [1] http://www.apache.org/mirrors/#bg > > > >> On Jun 25, 2014, at 7:04 AM, Kristiyan Marinov <[email protected]> wrote: > >>> Hi all, > >>> > >>> I had to download a few different Maven versions today and noticed that > >>> each time I downloaded a binary distribution from the > >>> http://apache.igor.onlinedirect.bg/ mirror Google Chrome rejected it as > >>> a > >>> malicious file. Switching the mirror to http://apache.cbox.biz/ produced > >>> no > >>> such complaints from Chrome. > >>> > >>> Has anyone else noticed such issues? Could there be something wrong with > >>> the mirror? > >>> > >>> > >>> Cheers, > >>> Kristiyan > >> > >> Thanks, > >> > >> Jason > >> > >> ---------------------------------------------------------- > >> Jason van Zyl > >> Founder, Apache Maven > >> http://twitter.com/jvanzyl > >> http://twitter.com/takari_io > >> --------------------------------------------------------- > >> > >> Our achievements speak for themselves. What we have to keep track > >> of are our failures, discouragements and doubts. We tend to forget > >> the past difficulties, the many false starts, and the painful > >> groping. We see our past achievements as the end result of a > >> clean forward thrust, and our present difficulties as > >> signs of decline and decay. > >> > >> -- Eric Hoffer, Reflections on the Human Condition > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > Thanks, > > Jason > > ---------------------------------------------------------- > Jason van Zyl > Founder, Apache Maven > http://twitter.com/jvanzyl > http://twitter.com/takari_io > --------------------------------------------------------- > > A man enjoys his work when he understands the whole and when he > is responsible for the quality of the whole > > -- Christopher Alexander, A Pattern Language --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
