Re: [hibernate-dev] Security: Requiring Maven version 3.2.3 in our (maven based) builds

2014-12-12 Thread Hardy Ferentschik
> I think we should make this version (at least) a requirement for builds. WDYT? Sure, why not. +1 --Hardy pgpjwr4S9oQbv.pgp Description: PGP signature ___ hibernate-dev mailing list hibernate-dev@lists.jboss.org https://lists.jboss.org/mailman/listin

[hibernate-dev] Security: Requiring Maven version 3.2.3 in our (maven based) builds

2014-12-12 Thread Sanne Grinovero
Some weeks ago there was quite a fuss about the security implications of Maven downloading all those binary jars over HTTP rather than over HTTPS. That was fixed and now all mirrors support HTTPS and this latest Maven version uses secure connections by default. I'm usually careful in upgrading Mav