This repository has been archived by the owner on Dec 24, 2022. It is now read-only.

insecure gradlew #287

Open

IzzySoft opened this issue Oct 25, 2018 · 0 comments

IzzySoft commented Oct 25, 2018

Could you please "secure your gradlew"?

Found plain HTTP URL for gradle repository:
build/net.etuldan.sparss.floss/mobile/build.gradle
repositories {
    maven {
        url 'http://dl.bintray.com/amulyakhare/maven'
    }
gradle build uses plain HTTP URLs for repositories!  This is insecure!
https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/

AFAIK Bintray does support HTTPS 😉

(above copy-paste is from F-Droid's lint process)

The text was updated successfully, but these errors were encountered:

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.