maven-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian E. Fox" <bri...@infinity.nu>
Subject Re: Central and Man-in-the-middle
Date Wed, 30 Jul 2014 13:25:14 GMT
http://blog.sonatype.com/2014/07/ssl_connectivity_for_central/

--Brian (mobile)


> On Jul 28, 2014, at 11:06 PM, Brian Fox <brianf@infinity.nu> wrote:
> 
> We are already in the process of making this open for free to
> everyone. Way back in 2012 the CDN situation was different but we just
> renewed the contract and and ssl is part of it. Once this is setup, we
> should consider changing the superpom to use ssl by default.
> 
> Obviously doing something to validate pgp signatures is even better.
> 
>> On Mon, Jul 28, 2014 at 10:14 PM, Mark Derricutt <mark@talios.com> wrote:
>> Hey all,
>> 
>> Just been reading [1] after it was mentioned in both #scala and #clojure on
>> irc.freenode.org now, is there anything that can be done to alleviate some
>> of these issues?
>> 
>> oss.sonatype.org now requires everything to be GPG signed before being
>> uploaded to central, but I'm not sure about any of the other means of
>> getting artifacts uploaded.
>> 
>> Are there any plugins out there to verify GPG signings of dependencies?
>> 
>> Something to discuss on the dev-hangout maybe?
>> 
>> 
>> [1] https://news.ycombinator.com/item?id=8099713
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
>> For additional commands, e-mail: dev-help@maven.apache.org
>> 

Mime
  • Unnamed multipart/alternative (inline, 7-Bit, 0 bytes)
View raw message