https://kotlinlang.org logo
#library-development
Title
# library-development
l

louiscad

09/14/2021, 9:12 AM
Jitpack allows to republish for 7 days, ideal to publish malware… Please, folks, use MavenCentral until we get something simpler to setup that still is serious about security.
7
a

altavir

09/14/2021, 1:27 PM
Jitpack is very unstable and is unsuitable for anything but quick testing purposes. So yeah, it should not be used for permanent library deployment.
s

Sami Eljabali

09/14/2021, 2:47 PM
“Republish for 7 days” what’s meant by that?
c

christophsturm

09/14/2021, 3:02 PM
I think it means published artifacts are not immutable, so you could replace something thats already published with malware
👍 1
g

gildor

10/07/2021, 8:24 AM
It’s restricted in all our projects to use jitpack repository. MavenCentral is the only real option and other alternatives should be considered only for closed-source/internal libraries