diff options
author | 2017-11-10 22:29:13 +0100 | |
---|---|---|
committer | 2017-11-10 23:28:16 +0100 | |
commit | 1c639ab3d40ca5ae38440d7c0ee01248707c5da3 (patch) | |
tree | 45b7ea636e24004510672ccea3cd983eb1c99bfa | |
parent | 5d6d28e07f58600090055da7e62454cfc2677fbf (diff) |
Update java.bzl best practices regarding HTTPS
While HTTP is faster and SHA256 already guaranteed data
hasn't been tampered with, it does give visibility over
the wire regarding which jars are being transmitted. The
true purpose of this change is to bring these practices
into greater consistency with Google's broader vision of
using HTTPS as much as possible.
PiperOrigin-RevId: 175328286
-rw-r--r-- | tools/build_defs/repo/java.bzl | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/tools/build_defs/repo/java.bzl b/tools/build_defs/repo/java.bzl index 7f3657bc69..766cb18109 100644 --- a/tools/build_defs/repo/java.bzl +++ b/tools/build_defs/repo/java.bzl @@ -46,7 +46,6 @@ The recommended best practices for downloading Maven jars are as follows: 4. Make the second URL the original repo1.maven.org URL 5. Make the third URL the maven.ibiblio.org mirror, if it isn't 404 6. Always specify the sha256 checksum -7. Prefer http over https unless curl -I says the http URL redirects to https Bazel has one of the most sophisticated systems for downloading files of any build system. Following these best practices will ensure that your codebase |