[
https://issues.apache.org/jira/browse/ZOOKEEPER-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15505665#comment-15505665
]
Olaf Flebbe commented on ZOOKEEPER-2594:
----------------------------------------
BTW: One can see that netty is now downloaded from {{repo1.maven.org}} . The
jboss repository seems to be not necessary any more .
> Use TLS for downloading artifacts during build
> ----------------------------------------------
>
> Key: ZOOKEEPER-2594
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2594
> Project: ZooKeeper
> Issue Type: Improvement
> Components: build
> Affects Versions: 3.4.9, 3.5.2
> Reporter: Olaf Flebbe
> Assignee: Olaf Flebbe
> Priority: Blocker
> Labels: security
> Fix For: 3.4.10, 3.5.3, 3.6.0
>
> Attachments: 0001-ZOOKEEPER-2594-Use-TLS-for-downloading.patch,
> ZOOKEEPER-2594.patch, compile.log
>
>
> Zookeeper builds are downloading dependencies using the insecure http://
> protocol.
> An outdated java.net repository can be removed now, since its content is now
> on maven.org.
> The https://repo2.maven.org cannot be used, since its certificate is invalid.
> Use repo1.maven.org instead (IMHO this is intentional).
> Appended you'll find a proposed patch (against git head) to fix these issues,
> for a starter.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
