manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (CONNECTORS-1095) Download artifacts over HTTPS
Date Wed, 05 Nov 2014 18:43:33 GMT

     [ https://issues.apache.org/jira/browse/CONNECTORS-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Karl Wright reassigned CONNECTORS-1095:
---------------------------------------

    Assignee: Karl Wright

> Download artifacts over HTTPS
> -----------------------------
>
>                 Key: CONNECTORS-1095
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1095
>             Project: ManifoldCF
>          Issue Type: Improvement
>          Components: Build
>    Affects Versions: Manifold 1.7.1
>            Reporter: Aeham Abushwashi
>            Assignee: Karl Wright
>            Priority: Minor
>              Labels: security
>             Fix For: ManifoldCF 1.8, ManifoldCF 2.0
>
>         Attachments: CONNECTORS-1095.patch
>
>
> In the interest of securing the download of maven artifacts, it would be good to use
HTTPS instead of HTTP in the ant build scripts.
> This by no means guarantees complete security for the build process and its output but
helps protect against a certain class of Man In The Middle attacks. See the following thread
for more information - http://stackoverflow.com/questions/7094035/how-secure-is-using-maven.
> A patch will follow shortly...



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message