Community Support - Maven Central
  1. Community Support - Maven Central
  2. MVNCENTRAL-94 should support HTTPS and HTTP requests should be redirected to HTTPS


    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Component/s: None
    • Labels:


      I raised asking if HTTPS
      should be available and required to access Benjamin
      Bentmann asked me to file the issue here instead. was raised 3 years ago, and
      it appears that only part of its goal has been achieved. Artifacts are
      routinely signed when deployed, indeed it is a requirement to publish
      on major Maven repos. But the clients don't check the signatures by
      default. Repository managers such as Nexus Professional are needed to
      enforce signature verification.

      As a stopgap measure, it would go a long way toward offering some
      level of reassurance that downloaded artifacts are authentic if the
      central repository would only deliver artifacts over HTTPS,
      redirecting HTTP requests to HTTPS with a 301/302 for backward
      compatibility. Right now, is not even available over


        No work has yet been logged on this issue.


          • Assignee:
            Juven Xu
            Eric Rannaud
            Last Updated By:
            Eric Rannaud
          • Votes:
            1 Vote for this issue
            1 Start watching this issue


            • Created:
              Date of First Response: