Jitpack allows to republish for 7 days, ideal to publish malware… Please, folks, use MavenCentral until we get something simpler to setup that still is serious about security.

Jitpack is very unstable and is unsuitable for anything but quick testing purposes. So yeah, it should not be used for permanent library deployment.

“Republish for 7 days” what’s meant by that?

I think it means published artifacts are not immutable, so you could replace something thats already published with malware

It’s restricted in all our projects to use jitpack repository. MavenCentral is the only real option and other alternatives should be considered only for closed-source/internal libraries