We are already in the process of making this open for free to everyone. Way back in 2012 the CDN situation was different but we just renewed the contract and and ssl is part of it. Once this is setup, we should consider changing the superpom to use ssl by default.
Obviously doing something to validate pgp signatures is even better. On Mon, Jul 28, 2014 at 10:14 PM, Mark Derricutt <[email protected]> wrote: > Hey all, > > Just been reading [1] after it was mentioned in both #scala and #clojure on > irc.freenode.org now, is there anything that can be done to alleviate some > of these issues? > > oss.sonatype.org now requires everything to be GPG signed before being > uploaded to central, but I'm not sure about any of the other means of > getting artifacts uploaded. > > Are there any plugins out there to verify GPG signings of dependencies? > > Something to discuss on the dev-hangout maybe? > > > [1] https://news.ycombinator.com/item?id=8099713 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
