Date: Mon, 2 Mar 2015 16:25:54 +0300 From: gremlin@...mlin.ru To: oss-security@...ts.openwall.com Subject: Re: CVE request: Maven downloads JARs via HTTP On 2015-03-02 14:07:00 +0100, Martin Prpic wrote: > "Maven Central can now be accessed via HTTPS. I think the > default configuration should be switched to use that, rather > than the current unsecured HTTP transport." Does it use any sort of package signing and signature verification? -- Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ðòé gremlin ôþë ru> GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ