Olaf Flebbe created GIRAPH-1120:
-----------------------------------

Summary: Insecure repository configuration
Key: GIRAPH-1120
URL: https://issues.apache.org/jira/browse/GIRAPH-1120
Project: Giraph
Issue Type: Bug
Components: build
Affects Versions: 1.2.0-SNAPSHOT
Reporter: Olaf Flebbe

Hi,

the repository configuration of Giraph is dangerous, since it is susceptible to MITM attacks.

{code}
<repositories>
  <repository>
    <id>central</id>
    <url>http://repo1.maven.org/maven2</url>
    <releases>
      <enabled>true</enabled>
    </releases>
  </repository>
...
{code}

If one looks closer, no repository needs to be configured, since everything from the default profile is in Maven Central. If anything from a non-default profile is not found in Maven Central, it should be moved to the respective profile. For instance, the CDH artifact repository should be moved to the cdh hadoop_cdh4.1.2 profile.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
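
One way to catch this class of problem in a build check: the script below is an added example, not part of the original issue or of Giraph's code. It lists every repository in a POM, at top level or inside a profile, whose URL is not fetched over TLS. The sample POM is constructed; the repository ids `example-tls` and `example-vendor` and the `repo.example.invalid` URLs are made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample POM: the "central" entry mirrors the issue; the other
# repository ids and the repo.example.invalid URLs are made up.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <repositories>
    <repository><id>central</id><url>http://repo1.maven.org/maven2</url></repository>
    <repository><id>example-tls</id><url>https://repo.example.invalid/maven2</url></repository>
  </repositories>
  <profiles>
    <profile>
      <id>hadoop_cdh4.1.2</id>
      <pluginRepositories>
        <pluginRepository><id>example-vendor</id><url>HTTP://repo.example.invalid/releases</url></pluginRepository>
      </pluginRepositories>
    </profile>
  </profiles>
</project>
"""

def local(tag):
    """Strip the XML namespace so namespaced and bare POMs both work."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child called `name`, or '' if absent."""
    for c in elem:
        if local(c.tag) == name:
            return (c.text or "").strip()
    return ""

def insecure_repositories(pom_xml):
    """Return (scope, repo id, url) for each repository not fetched over TLS."""
    findings = []
    def walk(elem, scope):
        for child in elem:
            name = local(child.tag)
            if name == "profile":
                # Repositories under a profile are reported with that profile's id.
                walk(child, "profile:" + child_text(child, "id"))
            elif name in ("repository", "pluginRepository", "snapshotRepository"):
                url = child_text(child, "url")
                # Scheme check is case-insensitive; local file: repos are not flagged.
                if url and not url.lower().startswith(("https://", "file:")):
                    findings.append((scope, child_text(child, "id"), url))
            else:
                walk(child, scope)
    walk(ET.fromstring(pom_xml), "default")
    return findings
```

Failing the build when `insecure_repositories()` returns a non-empty list keeps a plain-HTTP repository from being reintroduced in a later profile.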