Repository: spark
Updated Branches:
  refs/heads/branch-1.1 3f92ce4e2 -> 40284a9a3


SPARK-2879 [BUILD] Use HTTPS to access Maven Central and other repos

Maven Central has just now enabled HTTPS access for everyone to Maven Central 
(http://central.sonatype.org/articles/2014/Aug/03/https-support-launching-now/). 
This is timely, as a reminder of how easily an attacker can slip malicious code 
into a build that's downloading artifacts over HTTP 
(http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/).

In the meantime, it looks like the Spring repo also now supports HTTPS, so can 
be used this way too.

I propose to use HTTPS to access these repos.

Author: Sean Owen <sro...@gmail.com>

Closes #1805 from srowen/SPARK-2879 and squashes the following commits:

7043a8e [Sean Owen] Use HTTPS for Maven Central libs and plugins; use id 
'central' to override parent properly; use HTTPS for Spring repo
(cherry picked from commit 4201d2711cd20a2892c40eb11102f73c2f826b2e)

Signed-off-by: Patrick Wendell <pwend...@gmail.com>


Project: http://git-wip-us.apache.org/repos/asf/spark/repo
Commit: http://git-wip-us.apache.org/repos/asf/spark/commit/40284a9a
Tree: http://git-wip-us.apache.org/repos/asf/spark/tree/40284a9a
Diff: http://git-wip-us.apache.org/repos/asf/spark/diff/40284a9a

Branch: refs/heads/branch-1.1
Commit: 40284a9a32a6efb6195098c93e292cbc6d128c42
Parents: 3f92ce4
Author: Sean Owen <sro...@gmail.com>
Authored: Wed Aug 6 18:13:35 2014 -0700
Committer: Patrick Wendell <pwend...@gmail.com>
Committed: Wed Aug 6 18:14:55 2014 -0700

----------------------------------------------------------------------
 pom.xml | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/spark/blob/40284a9a/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 4ab027b..76bf6d8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -143,11 +143,11 @@
 
   <repositories>
     <repository>
-      <id>maven-repo</id>
+      <id>central</id>
       <!-- This should be at top, it makes maven try the central repo first 
and then others and hence faster dep resolution -->
       <name>Maven Repository</name>
       <!-- HTTPS is unavailable for Maven Central -->
-      <url>http://repo.maven.apache.org/maven2</url>
+      <url>https://repo.maven.apache.org/maven2</url>
       <releases>
         <enabled>true</enabled>
       </releases>
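
Review bot: the context line `<!-- HTTPS is unavailable for Maven Central -->` directly above the changed `<url>` is left in place and now contradicts the `https://` URL it annotates; delete it or reword it to say HTTPS is required here. The id change from `maven-repo` to `central` would also benefit from a short XML comment saying it is deliberate, since the reason (overriding the parent definition) is only recorded in the commit message.
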
@@ -213,7 +213,7 @@
     <repository>
       <id>spring-releases</id>
       <name>Spring Release Repository</name>
-      <url>http://repo.spring.io/libs-release</url>
+      <url>https://repo.spring.io/libs-release</url>
       <releases>
         <enabled>true</enabled>
       </releases>
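
Review bot: between the end of the previous hunk (around line 153) and this one (line 213) about 60 lines of the `<repositories>` block are left unchanged, so any `<repository>` entries there are not covered by this patch. Please confirm each of them was checked for HTTPS support; an entry that still uses `http://` leaves the build open to the same artifact tampering the commit message describes, regardless of the `spring-releases` change here.
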
@@ -222,6 +222,15 @@
       </snapshots>
     </repository>
   </repositories>
+  <pluginRepositories>
+    <pluginRepository>
+      <id>central</id>
+      <url>https://repo1.maven.org/maven2</url>
+      <releases>
+        <enabled>true</enabled>
+      </releases>
+    </pluginRepository>
+  </pluginRepositories>
 
   <dependencyManagement>
     <dependencies>
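
Review bot: the new `<pluginRepository>` with id `central` points at `https://repo1.maven.org/maven2`, while the `<repository>` with the same id in the first hunk uses `https://repo.maven.apache.org/maven2`; use one host for both so the two `central` definitions cannot drift apart. The block also declares only `<releases>`; adding `<snapshots><enabled>false</enabled></snapshots>` would state explicitly that plugin snapshots are never resolved from this repository.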

