  1. Hippo CMS
  2. CMS-10625

Require Maven 3.2.3, cleanup project-pom defined repositories and fail the build on invalid downloads


Details

    • Improvement
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • 12.0.0
    • None
    • None
    • Pulsar
    • Platform Sprint 152

    Description

      We override the central repository to enforce HTTPS access. This is the default since Maven 3.2.3, which has been out since 2014. For cleanliness, we should not override it but instead require Maven 3.2.3 as the minimum, instead of the current 3.2.1.

      All of the repositories that are explicitly blocked in the project pom, such as codehaus, no longer exist, so there is no need to block them; these can be removed.

      The default checksum policy for downloads is warn. This means that if an artifact is downloaded and the checksum doesn't match, it prints a warning (once) and continues the build. With fail, it will stop the build and remove the artifact with the incorrect checksum.

      Changing it to fail has these advantages:

      1) If the artifact got corrupted during the download, the artifact will not be stored. This avoids odd errors that are hard to trace.
      2) It is a little bit more secure to check the checksum (although this can be forged as well in a MITM attack).

      <repository>
        <releases>
          <enabled>true</enabled>
          <checksumPolicy>fail</checksumPolicy>
        </releases>
      </repository>
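
An added example (not part of the issue or the project's code): under the `warn` policy described above, an artifact with a bad checksum stays in the local repository, so this Python script audits a repository directory for artifacts whose content does not match the `.sha1` file stored beside them. It assumes the downloaded `.sha1` sidecar is kept next to each artifact; the audited suffixes and the sample files are constructed for the example.

```python
import hashlib
import re
import tempfile
from pathlib import Path

ARTIFACT_SUFFIXES = {".jar", ".pom", ".war"}  # assumption: file types worth auditing
SHA1_HEX = re.compile(r"\b[0-9a-fA-F]{40}\b")


def recorded_sha1(sidecar):
    """Sidecars hold '<hex>' or '<hex>  <name>'; return the hex digest or None."""
    match = SHA1_HEX.search(sidecar.read_text(errors="replace"))
    return match.group(0).lower() if match else None


def audit(repo_root):
    """Return (mismatched, unverifiable) artifact paths relative to repo_root."""
    mismatched, unverifiable = [], []
    for artifact in sorted(Path(repo_root).rglob("*")):
        if not artifact.is_file() or artifact.suffix not in ARTIFACT_SUFFIXES:
            continue
        sidecar = artifact.with_name(artifact.name + ".sha1")
        want = recorded_sha1(sidecar) if sidecar.is_file() else None
        rel = artifact.relative_to(repo_root).as_posix()
        if want is None:
            unverifiable.append(rel)  # no usable checksum: cannot be trusted or refuted
        elif hashlib.sha1(artifact.read_bytes()).hexdigest() != want:
            mismatched.append(rel)    # what checksumPolicy=fail would have rejected
    return mismatched, unverifiable


def demo():
    """Constructed sample repository: intact, truncated and sidecar-less jars."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "org" / "example" / "demo" / "1.0"
        base.mkdir(parents=True)
        good = b"constructed jar bytes"
        for name, body in (("ok.jar", good), ("cut.jar", good[:7]), ("bare.jar", good)):
            (base / name).write_bytes(body)
        digest = hashlib.sha1(good).hexdigest()
        (base / "ok.jar.sha1").write_text(digest.upper() + "  ok.jar\n")
        (base / "cut.jar.sha1").write_text(digest + "\n")
        return audit(tmp)


if __name__ == "__main__":
    print(demo())
```

A match only shows the file agrees with the checksum served alongside it; as the description notes, both can be forged together.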

          People

            Unassigned Unassigned
            abanck Arent-Jan Banck (Inactive)