Issue Type: Bug
Assignee: Unassigned
Components: maven, security
Created: 09/Aug/14 6:40 PM
Description:

The docs (https://wiki.jenkins-ci.org/display/JENKINS/Plugin+tutorial) say to put http://repo.jenkins-ci.org/public/ as a repository. It is a very bad idea to have this hosted on http and not https. Users who have an understanding of security and try to switch it to https find that it is not even an option and are greeted with an error:

This is probably not the site you are looking for!
You attempted to reach repo.jenkins-ci.org, but instead you actually reached a server identifying itself as *.artifactoryonline.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of repo.jenkins-ci.org.
You should not proceed, especially if you have never seen this warning before for this site.

Sonatype just got some bad press for fetching jars over http by default and has now changed to https (http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/). I think we should follow their lead.

Project: Jenkins
Priority: Critical
Reporter: Ben McCann