Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-109

Invalid certificate warning on repo-jenkins-ci.org

    Details

    • Similar Issues:

      Description

      The docs (https://wiki.jenkins-ci.org/display/JENKINS/Plugin+tutorial) say to put http://repo.jenkins-ci.org/public/ as a repository. It is a very bad idea to have this hosted on http and not https. For users who have an understanding of security and try to switch it to https they find that it is not even an option and are greeted with an error.

      This is probably not the site you are looking for!
      You attempted to reach repo.jenkins-ci.org, but instead you actually reached a server identifying itself as *.artifactoryonline.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of repo.jenkins-ci.org.
      You should not proceed, especially if you have never seen this warning before for this site.

      Sonatype just got some bad press for fetching jars over http by default and has now changed to https (http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/). I think we should follow their lead.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                rtyler R. Tyler Croy
                Reporter:
                chengas123 Ben McCann
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: