Change URL in poms to use HTTPS

Using HTTP is the best way because of certificate expiration, maven SSL inconsistencies, maintenance not being performed, revocation lists being updated, and many many many MANY more.

While it is a nice idea, and does fit most portfolio’s, for open source fast moving projects, SSL in POM files is nothing more than a serious and very destructive practice.

Good for in house projects, terrible for maven open source.

Very dangerous yes. Research it please, like I said, don’t have the time or urge to google for you.

We all keep our repository on HTTP because we have all felt the burn when SSL slips, wasn’t a month ago no one could deploy to Sonartype Central for 4 days because the SSL cert went invalid and all overrides had to be done on the CI’s

No, you do not put HTTPS into Maven artifacts. Not on fast moving, fast deploying, open source projects. If you deploy once every 6 months, fine whatever, an SSL break isn’t the end of the world. If you are a fast moving open source project, you cannot allow 3rd party failures to impact your deployment cycle.

Turning off the HTTPS validation turned out to be the only way (check you stack overflows, check your maven error imports, look at the thousands of complaints about it).

Sorry, but full on disagreement with you. Not in Maven, Not on fast moving projects, not with such a dependency on a 3rd party. No 3rd party is immune, and every 3rd party has been affected by it, and many many open source developers have felt the pain., You will find this intentional “problem” in almost all repositories that have deployment cycles on-demand or less than 6 months.

Not going to happen.