maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MNG-5689) Checksum policy for mirrors
Date Wed, 28 Mar 2018 19:42:00 GMT

    [ https://issues.apache.org/jira/browse/MNG-5689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16418000#comment-16418000
] 

Christopher Tubbs commented on MNG-5689:
----------------------------------------

MNG-4645 implies that the configuration for central can be overridden by creating a new repository
configuration with the same id "central", but with different configuration, instead of using
a mirror. If that is true, then this issue can be closed, since the "mirrors" section seems
entirely unnecessary, if any repository can be overridden in the settings.xml file this way.

Either MNG-5728 or MNG-5506 would also satisfy my use case.

> Checksum policy for mirrors
> ---------------------------
>
>                 Key: MNG-5689
>                 URL: https://issues.apache.org/jira/browse/MNG-5689
>             Project: Maven
>          Issue Type: Improvement
>          Components: Settings
>    Affects Versions: 3.2.3
>            Reporter: Christopher Tubbs
>            Priority: Major
>              Labels: security-issue
>
> It does not appear that there is any way to configure a checksum policy for mirrors in
the settings.xml file.
> In particular, I'd love to enforce a "strict" checksum policy on maven central. I can
configure a mirrorOf central, but I cannot set the checksum policy. This seems like a big
oversight.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message