[ https://jira.codehaus.org/browse/MNG-5154?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Benjamin Bentmann closed MNG-5154. ---------------------------------- Resolution: Not A Bug Please fill this request at https://issues.sonatype.org/browse/MVNCENTRAL. > repo1.maven.org should support HTTPS and HTTP requests should be redirected > to HTTPS > ------------------------------------------------------------------------------------ > > Key: MNG-5154 > URL: https://jira.codehaus.org/browse/MNG-5154 > Project: Maven 2 & 3 > Issue Type: Bug > Reporter: Eric Rannaud > > As "Java runs the Internet" (sic), and that "Maven is awesome" (sic again -- > these are real quotes, google them), man-in-the-middle attacks that inject > bad code in downloaded JARs that are then happily and blindly executed on the > machines of the developers that build the software that run the > aforementioned Internet without any authentication whatsoever is not a very > good idea. > Once upon a time, when Maven was invented, back in 1985, there was an > understandable certain "naivete" when it came to such things as security. The > world was a happy place where no one tried to own developers machines, > because nobody understood, yet, that developers machines are the best way to > distribute malware all over the fricking place. > But this is 2011, a year that saw shinny new social networks redirect all > HTTP requests to HTTPS from day one, so I'm sure that now is a good time to > reconsider. > Thanks. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira