You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Olaf Flebbe (JIRA)" <ji...@apache.org> on 2016/09/19 19:08:20 UTC

[jira] [Updated] (ZOOKEEPER-2594) Use TLS for downloading

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Olaf Flebbe updated ZOOKEEPER-2594:
-----------------------------------
    Attachment: 0001-ZOOKEEPER-2594-Use-TLS-for-downloading.patch

> Use TLS for downloading
> -----------------------
>
>                 Key: ZOOKEEPER-2594
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2594
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: build
>            Reporter: Olaf Flebbe
>              Labels: security
>         Attachments: 0001-ZOOKEEPER-2594-Use-TLS-for-downloading.patch
>
>
> Zookeeper builds are downloading dependencies using the insecure http:// protocol. 
> An outdated java.net repository can be removed now, since its content is now on maven.org.
> The https://repo2.maven.org cannot be used, since its certificate is invalid. Use repo1.maven.org instead (IMHO this is intentional).
> Appended you'll find a proposed patch (against git head) to fix these issues, for a starter.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)