[
https://issues.apache.org/jira/browse/MRESOLVER-52?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16568315#comment-16568315
]
Robert Scholte commented on MRESOLVER-52:
-----------------------------------------
Could it be that one of the dependencies has specified this repository in their
pom? Artifact Resolver is not aware of Maven Central, it must be fed with all
remote repositories, either by the user or via pom configuration.
> https for artifact resolution
> -----------------------------
>
> Key: MRESOLVER-52
> URL: https://issues.apache.org/jira/browse/MRESOLVER-52
> Project: Maven Resolver
> Issue Type: Bug
> Components: resolver
> Affects Versions: Maven Artifact Resolver 1.1.1
> Reporter: Elliotte Rusty Harold
> Priority: Major
>
> Here's an exception I saw recently:
> Caused by: org.eclipse.aether.transfer.ArtifactTransferException: Could not
> transfer artifact com.google.auth:google-auth-library-credentials:pom:0.4.0
> from/to central (http://repo1.maven.org/maven2/): repo1.maven.org: nodename
> nor servname provided, or not known
> The exception is probably a glitch in my network or DNS. Not resolver's fault
> and no big deal. However the message surprised me. Why
> *http*://repo1.maven.org/maven2/ and not *https*://repo1.maven.org/maven2/?
> One of three things is likely happening here:
> 1. Resolver is really using http instead of https to transfer artifacts. This
> is a major issue, and should be fixed.
> 2. It's using https to transfer, but is forming the URL in the error message
> by string concatenation with "http", which is not critical but should still
> be fixed.
> 3. It's relying on repo1 to redirect to https, which it seems to do; but
> shouldn't be required since this leaves the connection vulnerable to MITM.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
