Turns out the no-TLS workaround does actually work.
This commit is contained in:
Phil Hagelberg
parent
c5bf1b53cb
commit
26bca986b3
1 changed files with 10 additions and 1 deletions
11
doc/FAQ.md
11
doc/FAQ.md
|
|
@ -232,7 +232,16 @@ property.
|
||||||
**Q:** I got `Tried to use insecure HTTP repository without TLS`, what is that about?
|
**Q:** I got `Tried to use insecure HTTP repository without TLS`, what is that about?
|
||||||
**A:** This means your project was configured to download dependencies
|
**A:** This means your project was configured to download dependencies
|
||||||
from a repository that does not use TLS encryption. This is very
|
from a repository that does not use TLS encryption. This is very
|
||||||
insecure and exposes you to trivially-executed man-in-the-middle attacks.
|
insecure and exposes you to trivially-executed man-in-the-middle
|
||||||
|
attacks. In the rare event that you don't care about the security of
|
||||||
|
the machines running your project or can ensure that the only http
|
||||||
|
traffic is going out over a trusted network, you can re-enable support
|
||||||
|
for unsafe repositories by putting this in your `project.clj` file:
|
||||||
|
|
||||||
|
;; never do this
|
||||||
|
(require 'cemerick.pomegranate.aether)
|
||||||
|
(cemerick.pomegranate.aether/register-wagon-factory!
|
||||||
|
"http" #(org.apache.maven.wagon.providers.http.HttpWagon.))
|
||||||
|
|
||||||
It's also possible you have a dependency which includes a reference to
|
It's also possible you have a dependency which includes a reference to
|
||||||
an insecure repository for retrieving its own dependencies. If this
|
an insecure repository for retrieving its own dependencies. If this
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue