Uploaded image for project: 'Apache Taverna'
  1. Apache Taverna
  2. TAVERNA-1029

Avoid insecure http Maven repositories

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Done
    • Major
    • Resolution: Done
    • parent 2
    • parent 3
    • Taverna Maven Parent
    • None

    Description

      We should not depend on http Maven repositories like http://repository.springsource.com/maven/bundles/release - for security reasons only https should be used for downloading software.

      https://repo.spring.io/release and https://repo.spring.io/milestone (e.g. https://repo.spring.io/milestone/org/springframework/osgi/spring-osgi-annotation/2.0.0.M1/) seems to replace the older repository.springsource.com - and dependencies from bundles/external (e.g. com.springsource.org.jdom) seem to be in https://jcenter.bintray.com/

      Attachments

        Activity

          People

            stain Stian Soiland-Reyes
            stain Stian Soiland-Reyes
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: