Hello, I would define a single caching mirror repository (and maybe exclude all internal repositories which are already HTTPS). The mirror applies automatically to all repos, you don’t need to configure them individually.
And you should really really start on enabling HTTPS. It is imho no problem if some POM define a central with http, your settings.xml for that Repo-Id (and the mirror anyway) will have precedence. But if you insist, I heared you can remove the blocked tag in your maven/conf settings.. ;) just be aware that most likely your compliance and network departments will love you for getting rid of a insecure intrusion vector in your supply chain. Gruss Bernd -- http://bernd.eckenfels.net ________________________________ Von: [email protected] <[email protected]> Gesendet: Wednesday, December 8, 2021 4:07:31 PM An: [email protected] <[email protected]> Betreff: request for documentation update about mirrors I hope this is the right mailing list; if I not, would appreciate a redirect. In the release notes for maven 3.8.1, here: https://maven.apache.org/docs/3.8.1/release-notes.html There is a helpfully titled section "How to fix when I get a HTTP repository blocked?" https://maven.apache.org/docs/3.8.1/release-notes.html#how-to-fix-when-i-get-a-http-repository-blocked It mentions 2 options: * Update to a newer version of the artifact you're fetching, which is presumably available over https * Define a mirror in your settings, which links to this page: https://maven.apache.org/guides/mini/guide-mirror-settings.html The first option is not helpful, since we are using a settings.xml which lists many http-only repositories, including one with an id of "central". Since these are all on our internal network, the usual concerns about security don't apply, or at least not in full force like they would on the public internet. (We don't let maven access the public internet. If a fellow coworker is trying to hijack my maven downloads, I suppose they might succeed. We'll keep taking that risk for now :)) That brings us to the second option: create a mirror. Unfortunately, the linked page doesn't even mention anything about blocking and unblocking. In fact, I can't find the <blocked> tag documented anywhere, though perhaps I'm looking in the wrong places. What I'd ideally like to see is a way to "undo" the mirror defined in the global settings in one fell swoop. That is, I do NOT want to go through the repos listed in our repositories, and then tediously create a mirror for each of them, one by one, and then remember to keep the two lists in sync if anything changes. So: can the documentation be updated to mention anything about unblocking, and is there any way to do what I want? Thanks, Mark. _________________________________________________________________________________________________________________________________________________________________________________________________________________________________ ?This message is for information purposes only, it is not a recommendation, advice, offer or solicitation to buy or sell a product or service nor an official confirmation of any transaction. It is directed at persons who are professionals and is not intended for retail customer use. Intended for recipient only. This message is subject to the terms at: www.barclays.com/emaildisclaimer<http://www.barclays.com/emaildisclaimer>. For important disclosures, please see: www.barclays.com/salesandtradingdisclaimer<http://www.barclays.com/salesandtradingdisclaimer> regarding market commentary from Barclays Sales and/or Trading, who are active market participants; https://www.investmentbank.barclays.com/disclosures/barclays-global-markets-disclosures.html regarding our standard terms for the Investment Bank of Barclays where we trade with you in principal-to-principal wholesale markets transactions; and in respect of Barclays Research, including disclosures relating to specific issuers, please see http://publicresearch.barclays.com.? _________________________________________________________________________________________________________________________________________________________________________________________________________________________________ If you are incorporated or operating in Australia, please see https://www.home.barclays/disclosures/importantapacdisclosures.html for important disclosure. _________________________________________________________________________________________________________________________________________________________________________________________________________________________________ How we use personal information see our privacy notice https://www.investmentbank.barclays.com/disclosures/personalinformationuse.html _________________________________________________________________________________________________________________________________________________________________________________________________________________________________
