[ https://issues.apache.org/jira/browse/GIRAPH-1120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Edunov updated GIRAPH-1120: ---------------------------------- Fix Version/s: (was: 1.2.0) 1.3.0 > Insecure repository configuration > ---------------------------------- > > Key: GIRAPH-1120 > URL: https://issues.apache.org/jira/browse/GIRAPH-1120 > Project: Giraph > Issue Type: Bug > Components: build > Affects Versions: 1.3.0 > Reporter: Olaf Flebbe > Fix For: 1.3.0 > > Attachments: > 0001-GIRAPH-1120-Insecure-repository-configuration.patch, > 0001-GIRAPH-1120-Insecure-repository-configuration.patch > > > Hi, the repository configuration of giraph is dangerous, since it is > susceptible for mitm attacks. > {code} > <repositories> > <repository> > <id>central</id> > <url>http://repo1.maven.org/maven2</url> > <releases> > <enabled>true</enabled> > </releases> > </repository> > ... > {code} > If one looks closer, no repository is needed to be configured since > everything from the default profile is in maven central. > If anything from a non-default profile is not found in maven central, it > should be moved to the respective profile. For instance the CDH artifact > repository should be moved to the cdh hadoop_cdh4.1.2 profile. -- This message was sent by Atlassian JIRA (v6.3.4#6332)