Download link

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Download link

Karl Heinz Marbaise-3
Hi,

I just realized that our download link from the download page[1] points to:

http://artfiles.org/apache.org/maven/

Is that intentional ?

Good idea? on http instead of https ?

Why not using:

https://www.apache.org/dist/maven/


Maybe I missed somthing ?


Kind regards
Karl Heinz Marbaise


[1]: http://maven.apache.org/download.cgi


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Download link

Karl Heinz Marbaise-3
Hi,

On 03/03/18 10:12, Stephen Connolly wrote:

> On Sat 3 Mar 2018 at 09:02, Karl Heinz Marbaise <[hidden email]> wrote:
>
>> Hi,
>>
>> I just realized that our download link from the download page[1] points to:
>>
>> http://artfiles.org/apache.org/maven/
>>
>> Is that intentional ?
>
>
> Depends on geolocation... my link is
>
> http://mirrors.whoishostingthis.com/apache/maven/maven-3/3.5.2/binaries/apache-maven-3.5.2-bin.tar.gz
>

Yeah that's what I expected but should all mirrors using https instead
of http?

Apart from that where can given an hint about the "wrong" url via http
instead of https ?

Just a INFRA ticket ?

Kind regards
Karl Heinz Marbaise

>
>>
>> Good idea? on http instead of https ?
>
>
> We should probably include the sha256 on the actual download page then...
> as that page is served over https if asked for.
>
> We cannot force the mirrors to serve over https iiuc
>
>
>>
>> Why not using:
>>
>> https://www.apache.org/dist/maven/
>>
>>
>> Maybe I missed somthing ?
>>
>>
>> Kind regards
>> Karl Heinz Marbaise
>>
>>
>> [1]: http://maven.apache.org/download.cgi

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]