Return-Path: X-Original-To: apmail-accumulo-dev-archive@www.apache.org Delivered-To: apmail-accumulo-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CA62E11D25 for ; Mon, 18 Aug 2014 13:02:27 +0000 (UTC) Received: (qmail 90512 invoked by uid 500); 18 Aug 2014 13:02:27 -0000 Delivered-To: apmail-accumulo-dev-archive@accumulo.apache.org Received: (qmail 90470 invoked by uid 500); 18 Aug 2014 13:02:27 -0000 Mailing-List: contact dev-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@accumulo.apache.org Delivered-To: mailing list dev@accumulo.apache.org Received: (qmail 90459 invoked by uid 99); 18 Aug 2014 13:02:27 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Aug 2014 13:02:27 +0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [209.85.192.50] (HELO mail-qg0-f50.google.com) (209.85.192.50) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Aug 2014 13:02:00 +0000 Received: by mail-qg0-f50.google.com with SMTP id z107so1033191qgd.37 for ; Mon, 18 Aug 2014 06:01:58 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=15kvoeP8aiuxfnwpPJMWegWW6LUY/DrRLOEb0Plz37o=; b=L0OfWW0xkivP6u18/nI+iW3PcWVNB+VtqISOCbozC4acBIGIi2YQmRJa6yPbS/IvHE nWsopF8spEJTwYv5fi4TyoDDvRtMJBWfNsSRFNC91b31b8JlL24WEPJgFmeVo2QfnHCz UPAgLt/pGczmYcyDxgIiB0P/Y10/G5LyOyqJRjJ07wdTYIZ6qmv+jbgy4H80DuEncTya bTQEo+vkQiq1FF9Ebxzk3aO6trEYwE3Fz4YXmMW1UT0KWh+8zfBi3H25JKGttM4UIdto ZdfHEcmYIAR4CShYTrifEPVSQ8yIs16fkh+jDLzV+6k4tz2E6d9UPRIefVvzny3mwcGu zHAg== X-Gm-Message-State: ALoCoQkCWAwBF589wqEq2u/OmfNvsh3aQlLATwxRSLYyrOlUx0ucRATxX6qFeeh5VJ4omtG8xOMz X-Received: by 10.224.127.74 with SMTP id f10mr56222988qas.100.1408366918606; Mon, 18 Aug 2014 06:01:58 -0700 (PDT) MIME-Version: 1.0 Received: by 10.229.121.198 with HTTP; Mon, 18 Aug 2014 06:01:38 -0700 (PDT) In-Reply-To: <53F12198.7040202@gmail.com> References: <53F12198.7040202@gmail.com> From: Bill Havanki Date: Mon, 18 Aug 2014 09:01:38 -0400 Message-ID: Subject: Re: Update Maven requirements to handle HTTPS? To: Accumulo Dev List Content-Type: multipart/alternative; boundary=001a11c2cc18e667850500e6f98d X-Virus-Checked: Checked by ClamAV on apache.org --001a11c2cc18e667850500e6f98d Content-Type: text/plain; charset=UTF-8 A user with Maven pre-3.2.3 can configure the Maven Central URL to use HTTPS by setting up a mirror in their settings.xml. http://maven.apache.org/guides/mini/guide-mirror-settings.html Josh, is your concern that folks won't be able to upgrade to 3.2.3? On Sun, Aug 17, 2014 at 5:41 PM, Josh Elser wrote: > I see a massive headache incoming doing this. Is there a middle ground we > can encourage people to use that isn't going to break everyone downstream? > > Can we make some recommendations to clients about how to use HTTPS instead > of HTTP access to avoid the MITM attack (which I assume is the primary > reason for suggesting the update). > > > On 8/17/2014 4:57 PM, Sean Busbey wrote: > >> Now that Maven has released version 3.2.3 to default HTTPS access to maven >> central, anyone have an objection to updating our enforcer rules to >> require >> it? >> >> http://maven.apache.org/docs/3.2.3/release-notes.html >> >> -- // Bill Havanki // Solutions Architect, Cloudera Govt Solutions // 443.686.9283 --001a11c2cc18e667850500e6f98d--