You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by Jon Strayer <jo...@strayer.org> on 2010/11/29 14:36:04 UTC
FYI Repo "hacked"?
On the 24th of November my reports build failed. The failure message is:
Unable to read local copy of metadata: Cannot read metadata from
'e:\repo\org\apache\maven\skins\maven-default-skin\maven-metadata-java.net.xml':
end tag name </head> must be the same as start tag <meta> from line 7
(position: TEXT seen ... hack msn hack www.44imha.in
www.islamihacker.org</title>\r\n</head>...
@9:8)
org.apache.maven.skins:maven-default-skin:jar:RELEASE
And sure enough when I look at the maven-metadata-java.net.xml It is a web
page. The page references islamihacker.org so it looks like some putz
thought "hacking" a public repository was some kind of challenge.
Re: FYI Repo "hacked"?
Posted by Jon Strayer <jo...@strayer.org>.
Thanks for the reply. I checked my Nexus logs and it showed a similar
problem but for a different repository. The Java.Net proxy didn't show the
problem. I cleared my local repository and Nexus. Perhaps that will clear
the problem.
On Mon, Nov 29, 2010 at 9:52 AM, Brian Fox <br...@infinity.nu> wrote:
> Lets look at this closely:
>
> On Mon, Nov 29, 2010 at 8:36 AM, Jon Strayer <jo...@strayer.org> wrote:
> > On the 24th of November my reports build failed. The failure message is:
> > Unable to read local copy of metadata: Cannot read metadata from
> >
> 'e:\repo\org\apache\maven\skins\maven-default-skin\maven-metadata-java.net.xml':
>
> The name of this file tells me that Maven thinks it got this metadata
> from a repo with id "java.net". Double checking Central, we can see
> that this file is normal:
>
> http://repo2.maven.org/maven2/org/apache/maven/skins/maven-default-skin/maven-metadata.xml
>
> Checking the standard java.net repo, we can see that org/apache/maven
> doesn't even exist:
> http://download.java.net/maven/2/org/apache/
>
> So far this doesn't appear to be a repo hack but more likely something
> local or to a local server you use.
>
> > end tag name </head> must be the same as start tag <meta> from line 7
> > (position: TEXT seen ... hack msn hack www.44imha.in
> > www.islamihacker.org</title>\r\n</head>...
> > @9:8)
> > org.apache.maven.skins:maven-default-skin:jar:RELEASE
> >
> > And sure enough when I look at the maven-metadata-java.net.xml It is a
> web
> > page. The page references islamihacker.org so it looks like some putz
> > thought "hacking" a public repository was some kind of challenge.
> >
>
>
> In your builds, what url does java.net point at? You can check the
> entire transitive tree with the snapshot of the dependency plugin:
> mvn
> org.apache.maven.plugins:maven-dependency-plugin:2.2-SNAPSHOT:list-repositories
>
> It's possible that somehow your machine was redirected at a website
> that had this page and Maven picked it up.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
--
" People who couldn't find Nebraska on a world map are certain that global
warming is a left-wing hoax.
Gene Lyons"
Re: FYI Repo "hacked"?
Posted by Brian Fox <br...@infinity.nu>.
Lets look at this closely:
On Mon, Nov 29, 2010 at 8:36 AM, Jon Strayer <jo...@strayer.org> wrote:
> On the 24th of November my reports build failed. The failure message is:
> Unable to read local copy of metadata: Cannot read metadata from
> 'e:\repo\org\apache\maven\skins\maven-default-skin\maven-metadata-java.net.xml':
The name of this file tells me that Maven thinks it got this metadata
from a repo with id "java.net". Double checking Central, we can see
that this file is normal:
http://repo2.maven.org/maven2/org/apache/maven/skins/maven-default-skin/maven-metadata.xml
Checking the standard java.net repo, we can see that org/apache/maven
doesn't even exist:
http://download.java.net/maven/2/org/apache/
So far this doesn't appear to be a repo hack but more likely something
local or to a local server you use.
> end tag name </head> must be the same as start tag <meta> from line 7
> (position: TEXT seen ... hack msn hack www.44imha.in
> www.islamihacker.org</title>\r\n</head>...
> @9:8)
> org.apache.maven.skins:maven-default-skin:jar:RELEASE
>
> And sure enough when I look at the maven-metadata-java.net.xml It is a web
> page. The page references islamihacker.org so it looks like some putz
> thought "hacking" a public repository was some kind of challenge.
>
In your builds, what url does java.net point at? You can check the
entire transitive tree with the snapshot of the dependency plugin:
mvn org.apache.maven.plugins:maven-dependency-plugin:2.2-SNAPSHOT:list-repositories
It's possible that somehow your machine was redirected at a website
that had this page and Maven picked it up.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org