Sorry, I thought he originally meant a mirror of Maven Central not a mirror of Apache.
On Jun 27, 2014, at 5:52 PM, Hervé BOUTEMY <[email protected]> wrote: > Le vendredi 27 juin 2014 17:36:17 Jason van Zyl a écrit : >> On Jun 27, 2014, at 4:11 PM, Hervé BOUTEMY <[email protected]> wrote: >>> Le vendredi 27 juin 2014 07:25:08 Jason van Zyl a écrit : >>>> I've never seen those mirrors before. The Apache Maven PMC is a aware of >>>> and collaborate with Sonatype on the canonical Maven Central and >>>> collectively we would assert the content is valid. Anything else and >>>> you're on your own. I honestly wouldn't use those mirrors. Maven Central >>>> is currently served using a CDN which generally has edges not too far >>>> away from you. >>> >>> -1 >> >> Really? Do you check the other mirrors? I don't think any of us do? We >> should but we don't as far as I know. If it's an official mirror then >> what's the standard? If someone goes "Hey, I want to be a mirror" and we >> call them an official mirror and they fill it with malicious artifacts we >> would be none the wiser. > it's ASF mirror, with ASF policy, that works for more than Apache Maven > >> >> I at least know what happens with the current Maven Central machines, and >> I'm reasonably assured of the security. Note I'm not affiliated with >> Sonatype anymore, I just know they have a good IT staff. > notice I'm affiliated with ASF and I know they have a good IT staff too: that > does not mean that other organization don't have good IT staff > But since it's Apache Maven, as member of Maven PMC, I just need to remember > users that Apache dist area (with its mirrors) is the official Apache > distribution area for any Apache project > > I know we have another good distribution space with central > >> >> So I stand by my claim that I would not use anything but the primary because >> there is no vetting process whatsoever. > yes: primary = Apache dist (which contains signatures to check against to be > sure that nothing wrong happened) > > Regards, > > Hervé > > >>> apache.igor.onlinedirect.bg is an official Apache mirror [1] >>> so this is an official source to download Maven >>> >>> I just tried and didn't have any problem: perhaps there was a >>> synchronization issue >>> in any case, you sould take time to check signature to verify nothing has >>> been damaged >>> >>> Regards, >>> >>> Hervé >>> >>> [1] http://www.apache.org/mirrors/#bg >>> >>>> On Jun 25, 2014, at 7:04 AM, Kristiyan Marinov <[email protected]> > wrote: >>>>> Hi all, >>>>> >>>>> I had to download a few different Maven versions today and noticed that >>>>> each time I downloaded a binary distribution from the >>>>> http://apache.igor.onlinedirect.bg/ mirror Google Chrome rejected it as >>>>> a >>>>> malicious file. Switching the mirror to http://apache.cbox.biz/ produced >>>>> no >>>>> such complaints from Chrome. >>>>> >>>>> Has anyone else noticed such issues? Could there be something wrong with >>>>> the mirror? >>>>> >>>>> >>>>> Cheers, >>>>> Kristiyan >>>> >>>> Thanks, >>>> >>>> Jason >>>> >>>> ---------------------------------------------------------- >>>> Jason van Zyl >>>> Founder, Apache Maven >>>> http://twitter.com/jvanzyl >>>> http://twitter.com/takari_io >>>> --------------------------------------------------------- >>>> >>>> Our achievements speak for themselves. What we have to keep track >>>> of are our failures, discouragements and doubts. We tend to forget >>>> the past difficulties, the many false starts, and the painful >>>> groping. We see our past achievements as the end result of a >>>> clean forward thrust, and our present difficulties as >>>> signs of decline and decay. >>>> >>>> -- Eric Hoffer, Reflections on the Human Condition >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >> >> Thanks, >> >> Jason >> >> ---------------------------------------------------------- >> Jason van Zyl >> Founder, Apache Maven >> http://twitter.com/jvanzyl >> http://twitter.com/takari_io >> --------------------------------------------------------- >> >> A man enjoys his work when he understands the whole and when he >> is responsible for the quality of the whole >> >> -- Christopher Alexander, A Pattern Language > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > Thanks, Jason ---------------------------------------------------------- Jason van Zyl Founder, Apache Maven http://twitter.com/jvanzyl http://twitter.com/takari_io --------------------------------------------------------- We all have problems. How we deal with them is a measure of our worth. -- Unknown
