[
https://jira.codehaus.org/browse/MNG-5154?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benjamin Bentmann closed MNG-5154.
----------------------------------
Resolution: Not A Bug
Please fill this request at https://issues.sonatype.org/browse/MVNCENTRAL.
> repo1.maven.org should support HTTPS and HTTP requests should be redirected
> to HTTPS
> ------------------------------------------------------------------------------------
>
> Key: MNG-5154
> URL: https://jira.codehaus.org/browse/MNG-5154
> Project: Maven 2 & 3
> Issue Type: Bug
> Reporter: Eric Rannaud
>
> As "Java runs the Internet" (sic), and that "Maven is awesome" (sic again --
> these are real quotes, google them), man-in-the-middle attacks that inject
> bad code in downloaded JARs that are then happily and blindly executed on the
> machines of the developers that build the software that run the
> aforementioned Internet without any authentication whatsoever is not a very
> good idea.
> Once upon a time, when Maven was invented, back in 1985, there was an
> understandable certain "naivete" when it came to such things as security. The
> world was a happy place where no one tried to own developers machines,
> because nobody understood, yet, that developers machines are the best way to
> distribute malware all over the fricking place.
> But this is 2011, a year that saw shinny new social networks redirect all
> HTTP requests to HTTPS from day one, so I'm sure that now is a good time to
> reconsider.
> Thanks.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
