accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill Havanki <bhava...@clouderagovt.com>
Subject Re: Update Maven requirements to handle HTTPS?
Date Mon, 18 Aug 2014 13:01:38 GMT
A user with Maven pre-3.2.3 can configure the Maven Central URL to use
HTTPS by setting up a mirror in their settings.xml.

http://maven.apache.org/guides/mini/guide-mirror-settings.html

Josh, is your concern that folks won't be able to upgrade to 3.2.3?


On Sun, Aug 17, 2014 at 5:41 PM, Josh Elser <josh.elser@gmail.com> wrote:

> I see a massive headache incoming doing this. Is there a middle ground we
> can encourage people to use that isn't going to break everyone downstream?
>
> Can we make some recommendations to clients about how to use HTTPS instead
> of HTTP access to avoid the MITM attack (which I assume is the primary
> reason for suggesting the update).
>
>
> On 8/17/2014 4:57 PM, Sean Busbey wrote:
>
>> Now that Maven has released version 3.2.3 to default HTTPS access to maven
>> central, anyone have an objection to updating our enforcer rules to
>> require
>> it?
>>
>> http://maven.apache.org/docs/3.2.3/release-notes.html
>>
>>


-- 
// Bill Havanki
// Solutions Architect, Cloudera Govt Solutions
// 443.686.9283

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message