You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Herve Boutemy (Jira)" <ji...@apache.org> on 2021/04/17 07:26:00 UTC
[jira] [Issue Comment Deleted] (MNG-7118) Block external HTTP
repositories by default
[ https://issues.apache.org/jira/browse/MNG-7118?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Herve Boutemy updated MNG-7118:
-------------------------------
Comment: was deleted
(was: Build failed in Jenkins: Maven » Maven TLP » maven » maven-3.8.x #3
See https://ci-builds.apache.org/job/Maven/job/maven-box/job/maven/job/maven-3.8.x/3/)
> Block external HTTP repositories by default
> -------------------------------------------
>
> Key: MNG-7118
> URL: https://issues.apache.org/jira/browse/MNG-7118
> Project: Maven
> Issue Type: New Feature
> Affects Versions: 3.6.3
> Reporter: Herve Boutemy
> Assignee: Herve Boutemy
> Priority: Major
> Fix For: 3.8.1, 4.0.0, 4.0.0-alpha-1
>
>
> Downloading code from external repositories in HTTP is not a best practice: let's block that by default
> Using the 2 previously added features (MNG-7116 mirrorOf external:http:* to select repositories, and MNG-7117 to block the mirror), it can be done by adding a new mirror definition in default settings.xml provided in the Maven distribution:
> {code:xml}
> <settings>
> <mirrors>
> <mirror>
> <id>maven-default-http-blocker</id>
> <mirrorOf>external:http:*</mirrorOf>
> <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
> <url>http://0.0.0.0/</url>
> <blocked>true</blocked>
> </mirror>
> </mirrors>
> </settings>{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)