Jitpack allows to republish for 7 days, ideal to publish malware…
Please, folks, use MavenCentral until we get something simpler to setup that still is serious about security.
➕ 7
a
altavir
09/14/2021, 1:27 PM
Jitpack is very unstable and is unsuitable for anything but quick testing purposes. So yeah, it should not be used for permanent library deployment.
s
Sami Eljabali
09/14/2021, 2:47 PM
“Republish for 7 days” what’s meant by that?
c
christophsturm
09/14/2021, 3:02 PM
I think it means published artifacts are not immutable, so you could replace something thats already published with malware
👍 1
g
gildor
10/07/2021, 8:24 AM
It’s restricted in all our projects to use jitpack repository.
MavenCentral is the only real option and other alternatives should be considered only for closed-source/internal libraries