Skip to content

Tried to use insecure HTTP repository without TLS #42

New issue
New issue
Open
Open
Tried to use insecure HTTP repository without TLS#42
@vigilancetech-com

Description

@vigilancetech-com
vigilancetech-com
opened on Mar 5, 2023

When I tried to do, lein uberjar

I got:

Tried to use insecure HTTP repository without TLS:
 Tried to use insecure HTTP repository without TLS:
project: http://mrep.s3-website-us-east-1.amazonaws.com
 org/hornetq/hornetq-core-client/2.4.7.Final/hornetq-core-client-2.4.7.Final.jar  project: http://mrep.s3-website-us-east-1.amazonaws.com
 com/datomic/datomic-lucene-core/3.3.0/datomic-lucene-core-3.3.0.jar
  Tried to use insecure HTTP repository without TLS:


This is almost certainly a mistake; for details see   project: http://mrep.s3-website-us-east-1.amazonaws.com
 org/hornetq/hornetq-server/2.4.7.Final/hornetq-server-2.4.7.Final.jar
This is almost certainly a mistake; for details see
https://codeberg.org/leiningen/leiningen/src/main/doc/FAQ.md  
 
https://codeberg.org/leiningen/leiningen/src/main/doc/FAQ.md
This is almost certainly a mistake; for details see
 
Tried to use insecure HTTP repository without TLS:
 project: http://mrep.s3-website-us-east-1.amazonaws.com
 com/h2database/h2/1.3.171/h2-1.3.171.jar 
https://codeberg.org/leiningen/leiningen/src/main/doc/FAQ.md
 

This is almost certainly a mistake; for details seeTried to use insecure HTTP repository without TLS:
 project: http://mrep.s3-website-us-east-1.amazonaws.com
 io/netty/netty-all/4.0.13.Final/netty-all-4.0.13.Final.jar 
 
This is almost certainly a mistake; for details see 
https://codeberg.org/leiningen/leiningen/src/main/doc/FAQ.md
 
https://codeberg.org/leiningen/leiningen/src/main/doc/FAQ.md

According to lein's FAQ:

 This means your project was configured to download dependencies from a repository that does not use TLS encryption. This is very insecure and exposes you to trivially-executed man-in-the-middle attacks. 
...
It's also possible you have a dependency which includes a reference to an insecure repository for retrieving its own dependencies. If this happens it is strongly recommended to add an :exclusion and report a bug with the dependency which does this.

I don't really do lein nor do I know how to do an exclusion, so it would be nice to get a fix for this.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions