[CMS-10625] Require Maven 3.2.3, cleanup project-pom defined repositories and fail the build on invalid downloads - Issues

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 12.0.0
Component/s: None
Labels:
None

Processed by team:
Pulsar
Sprint:
Platform Sprint 152

Description

We override the central repository to enforce https access. This is the default since Maven 3.2.3 out since 2014. For cleanness, we should not override but require maven 3.2.3 as minimum instead of the current 3.2.1.

All of the repositories that are explicitly blocked in the project pom such as codehaus no longer exist so no need to block them, these can be removed.

The default checksum policy for downloads is warn. This means that if an artifact is downloaded and the checksum doesn't match it prints a warning (once) and continues the build. With fail it will stop the build and removes the artifact with the incorrect checksum

Changing it to fail has these advantages:

1) If the artifact got corrupt during the download the artifact will not be stored. This avoids odd errors that are hard to trace
1) Little bit more secure to check the checksum (although this can be forged as well in a mitm attack)

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Arent-Jan Banck (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/Feb/15 11:42 PM

Updated:: 20/Mar/17 11:14 AM

Resolved:: 20/Mar/17 11:14 AM