[jira] [Issue Comment Deleted] (MNG-7118) Block external HTTP repositories by default

Sat, 17 Apr 2021 00:26:08 -0700 


     [ 
https://issues.apache.org/jira/browse/MNG-7118?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Herve Boutemy updated MNG-7118:
-------------------------------
    Comment: was deleted

(was: Build succeeded in Jenkins: Maven » Maven TLP » maven » master #122

See 
https://ci-builds.apache.org/job/Maven/job/maven-box/job/maven/job/master/122/)

> Block external HTTP repositories by default
> -------------------------------------------
>
>                 Key: MNG-7118
>                 URL: https://issues.apache.org/jira/browse/MNG-7118
>             Project: Maven
>          Issue Type: New Feature
>    Affects Versions: 3.6.3
>            Reporter: Herve Boutemy
>            Assignee: Herve Boutemy
>            Priority: Major
>             Fix For: 3.8.1, 4.0.0, 4.0.0-alpha-1
>
>
> Downloading code from external repositories in HTTP is not a best practice: 
> let's block that by default
> Using the 2 previously added features (MNG-7116 mirrorOf external:http:* to 
> select repositories, and MNG-7117 to block the mirror), it can be done by 
> adding a new mirror definition in default settings.xml provided in the Maven 
> distribution:
> {code:xml}
> <settings>
>   <mirrors>
>     <mirror>
>       <id>maven-default-http-blocker</id>
>       <mirrorOf>external:http:*</mirrorOf>
>       <name>Pseudo repository to mirror external repositories initially using 
> HTTP.</name>
>       <url>http://0.0.0.0/</url>
>       <blocked>true</blocked>
>     </mirror>
>   </mirrors>
> </settings>{code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to