As we edge closer to moving more people onto maven 2 here, there are a
few questions that keep popping up, can anyone help with these?
1 - How are items submitted to repo1? I've read the article here
(http://maven.apache.org/guides/mini/guide-ibiblio-upload.html), but I
don't see a validation part. What the powers that be are afraid of is
someone putting in some junk or malicious code into one of the
dependency jars.
2 - Is there a https mirror for maven 2 repositories? We'd LIKE to use
proximity as a proxy, but because of the ever growing threat of man in
the middle attacks, having anything just automatically go out to the web
is dangerous in their eyes.
If there are no answers, could someone point me directly to the code
involved? I need to see how the checksums are getting validated.
Thanks in advance!
