Details
- Bug
- Status: Closed
- Major
- Resolution: Invalid
- Maven Artifact Resolver 1.1.1
- None
- None
Description
Here's an exception I saw recently:
Caused by: org.eclipse.aether.transfer.ArtifactTransferException: Could not transfer artifact com.google.auth:google-auth-library-credentials:pom:0.4.0 from/to central (http://repo1.maven.org/maven2/): repo1.maven.org: nodename nor servname provided, or not known
The exception is probably a glitch in my network or DNS. Not resolver's fault and no big deal. However the message surprised me. Why http://repo1.maven.org/maven2/ and not https://repo1.maven.org/maven2/?
One of three things is likely happening here:
1. Resolver is really using http instead of https to transfer artifacts. This is a major issue, and should be fixed.
2. It's using https to transfer, but is forming the URL in the error message by string concatenation with "http", which is not critical but should still be fixed.
3. It's relying on repo1 to redirect to https, which it seems to do; but shouldn't be required since this leaves the connection vulnerable to MITM.
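
A check related to the first and third possibilities above, added here as an example and not part of the original report or of the resolver's code: it lists the repository URLs in a POM or settings.xml that are configured with plain http, so the transfer would either run in cleartext or depend on a redirect. The sample POM is constructed, and `repo.example.test` and `${snapshot.url}` are placeholder values.

```python
import xml.etree.ElementTree as ET

# Elements in a POM or settings.xml that carry a repository <url>.
REPO_TAGS = {"repository", "pluginRepository", "snapshotRepository", "mirror"}

# Constructed sample input (not taken from the report).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <url>http://project-homepage.example.test/</url>
  <repositories>
    <repository><id>central</id><url>http://repo1.maven.org/maven2/</url></repository>
    <repository><id>central-tls</id><url>https://repo1.maven.org/maven2/</url></repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository><id>plugins</id><url>HTTP://repo.example.test/plugins</url></pluginRepository>
  </pluginRepositories>
  <distributionManagement>
    <snapshotRepository><id>snap</id><url>${snapshot.url}</url></snapshotRepository>
  </distributionManagement>
</project>"""


def local(tag):
    """Strip the XML namespace: '{ns}url' -> 'url'."""
    return tag.rsplit("}", 1)[-1]


def insecure_repos(xml_text):
    """Return (element, id, url, reason) for each repository-like element
    whose URL is plain http or cannot be checked statically."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) not in REPO_TAGS:
            continue  # e.g. the project homepage <url> is not a download source
        fields = {local(c.tag): (c.text or "").strip() for c in elem}
        url = fields.get("url", "")
        if url.lower().startswith("http://"):
            reason = "cleartext http"
        elif "${" in url:
            reason = "unresolved property"  # value comes from elsewhere; review by hand
        else:
            continue
        findings.append((local(elem.tag), fields.get("id", "?"), url, reason))
    return findings


if __name__ == "__main__":
    for kind, repo_id, url, reason in insecure_repos(SAMPLE_POM):
        print(f"{kind} id={repo_id} url={url}: {reason}")
```

This only inspects the files it is given; repositories inherited from a parent POM or injected by active profiles are not covered by it.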