accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Busbey <bus...@cloudera.com>
Subject Re: Update Maven requirements to handle HTTPS?
Date Mon, 18 Aug 2014 15:06:37 GMT
We could just update our developer docs to strongly suggest updating to
Maven 3.2.3, if we don't want to force it.


What kind of downstream issues are you expecting? AFAIK, the enforcer
section for the pom only gets used when building our repo, not when
building a project that uses us as a dep.



On Mon, Aug 18, 2014 at 9:41 AM, Josh Elser <josh.elser@gmail.com> wrote:

> Yes - exactly.
>
> Doing it in master only may alleviate some of the worry, but I imagine it
> would still cause headache. For something that is already configurable by
> <3.2.3 by users who want it, I can't get behind forcing a newer version to
> just to get the default action changed.
>
>
> On 8/18/14, 9:01 AM, Bill Havanki wrote:
>
>> A user with Maven pre-3.2.3 can configure the Maven Central URL to use
>> HTTPS by setting up a mirror in their settings.xml.
>>
>> http://maven.apache.org/guides/mini/guide-mirror-settings.html
>>
>> Josh, is your concern that folks won't be able to upgrade to 3.2.3?
>>
>>
>> On Sun, Aug 17, 2014 at 5:41 PM, Josh Elser <josh.elser@gmail.com> wrote:
>>
>>  I see a massive headache incoming doing this. Is there a middle ground we
>>> can encourage people to use that isn't going to break everyone
>>> downstream?
>>>
>>> Can we make some recommendations to clients about how to use HTTPS
>>> instead
>>> of HTTP access to avoid the MITM attack (which I assume is the primary
>>> reason for suggesting the update).
>>>
>>>
>>> On 8/17/2014 4:57 PM, Sean Busbey wrote:
>>>
>>>  Now that Maven has released version 3.2.3 to default HTTPS access to
>>>> maven
>>>> central, anyone have an objection to updating our enforcer rules to
>>>> require
>>>> it?
>>>>
>>>> http://maven.apache.org/docs/3.2.3/release-notes.html
>>>>
>>>>
>>>>
>>
>>


-- 
Sean

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message