Hi Miroslav,

> On 9 May 2017, at 10:34, Miroslav Galajda <miroslav.gala...@gmail.com> wrote:
> Hi,
> when checking for extension updates in xwiki administration, the extension
> updater lists some errors.
> After some investigation, I've found that xwiki is trying to call some REST
> api pointing to url like this:
> https://store.xwiki.com/xwiki/rest/repository/extensions/[URL_ENDING_PART]
> where the [URL_ENDING_PART] was one of the following examples found in the
> log:
> - com.google.code.findbugs%3Aannotations/versions/api
> -
> org.xwiki.platform%3Axwiki-platform-blog-ui/versions?requireTotalHits=true&start=0&number=-1
> -
> org.xwiki.contrib.ldap%3Aldap-authenticator/versions?requireTotalHits=true&start=0&number=-1
> The reason for the above listed https calls is due to our proxy that is
> inspecting every outgoing communication and has denied the requests to
> store.xwiki.com. The proxy uses CISCO list of untrusted web sites which
> says this:
> Threat Type: othermalware
> Threat Reason: Domain reported and verified as serving malware. Identified
> as malicious IP. Identified as malicious domain or URL.
> Notification: WBRS
> Can be this domain trusted or not? Is it a false threat or not?
> Is it legal when xwiki calls the API at https://store.xwiki.com?

Is it can be trusted and it’s legal. Our governance at 
http://dev.xwiki.org/xwiki/bin/view/Community/Governance allows the top 
sponsoring company to list its extension repository in the xwiki configuration 
by default (you can override this if you wish in your xwiki.properties file, 
search for the extension.repositories property).

FYI ATM the top sponsoring company is XWiki SAS (http://xwiki.com), see 
https://www.xwiki.org/xwiki/bin/view/Main/Supporters/SponsoringCompanies/. It 
currently provides two paying extensions that are advertised on 
http://extensions.xwiki.org/ in the “Sponsored Extensions” section.


> Thank you

Reply via email to