Details
- Bug
- Status: Closed
- Major
- Resolution: Not A Problem
Description
As "Java runs the Internet" (sic), and that "Maven is awesome" (sic again – these are real quotes, google them), man-in-the-middle attacks that inject bad code in downloaded JARs that are then happily and blindly executed on the machines of the developers that build the software that runs the aforementioned Internet without any authentication whatsoever is not a very good idea.
Once upon a time, when Maven was invented, back in 1985, there was an understandable certain "naivete" when it came to such things as security. The world was a happy place where no one tried to own developers' machines, because nobody understood, yet, that developers' machines are the best way to distribute malware all over the fricking place.
But this is 2011, a year that saw shiny new social networks redirect all HTTP requests to HTTPS from day one, so I'm sure that now is a good time to reconsider.
Thanks.
Issue Links
- depends upon: MNG-4838 Permament move (error 301) not handled properly by Maven (Closed)