![]() |
|
|
|
|
Change By:
|
Ben McCann
(09/Aug/14 6:32 PM)
|
|
Description:
|
Jenkins by default loads updates from http://updates.jenkins-ci.org/update-center.json. It should not be doing this over http and should instead use https by default. This URL should probably not even be accessible over http let alone have that being set as the default.
The URLs referred to within that file should also be https versions and not http.
Sonatype just got some bad press for fetching jars over http by default and has now changed to https (http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/). I think we should follow their lead.
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit
https://groups.google.com/d/optout.
