SecUSo/privacy-friendly-passwordgenerator

insecure gradlew

Closed this issue · 3 comments

Just a minor adjustment, but could you please fix the gradle conf:

```
Found plain HTTP URL for gradle repository:
build/org.secuso.privacyfriendlypasswordgenerator/app/build.gradle
repositories{
    maven {
        url 'http://dl.bintray.com/amulyakhare/maven'
    }
gradle build uses plain HTTP URLs for repositories!  This is insecure!
https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/
ERROR: Job failed: exit code 1
```

(fdroid build complains, pipeline breaks) Fix should be as easy as replacing http with https (URL works then) – but not being an Android dev I cannot verify that.

Thanks!

Thanks!

Just realized I didn't do it correctly the first time. Should be fixed now. I somehow assumed the issue was about the checksum not being correct (which it wasn't) because "insecure gradlew" is the tag set for exactly this problem on fdroid.

Should be fixed now. Also increased the version number.

No, the problem I reported here was the plain http url which should be https. And that's fixed now with 46ea9d5 as I can see 😉
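
An added example, not part of the original thread and not fdroid's or the project's own code: a small Python scanner for the condition the build log above reports, a plain `http://` repository URL in a Gradle build file. The sample file content, the function names and the `example.invalid` URLs are constructed for illustration.

```python
import re

# Constructed sample built around the snippet quoted in the issue; the comment
# line and the https repository are added here to exercise the scanner.
SAMPLE_BUILD_GRADLE = """\
repositories {
    jcenter()
    // old mirror: http://example.invalid/maven
    maven {
        url 'http://dl.bintray.com/amulyakhare/maven'
    }
    maven { url "https://repo.example.invalid/maven" }
}
"""

# A string literal (group 1, kept) or a comment (blanked). Matching strings
# first stops the "//" inside "http://..." from being read as a comment.
STRING_OR_COMMENT = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|//[^\n]*""", re.S)
# Covers: url 'x'   url "x"   url = uri("x")   url uri('x')
URL_DECL = re.compile(r"""\burl\s*=?\s*(?:uri\s*\(\s*)?(['"])(?P<url>[^'"]+)\1""")

def strip_comments(text):
    """Blank out comments, preserving newlines so line numbers stay valid."""
    return STRING_OR_COMMENT.sub(
        lambda m: m.group(1) or re.sub(r"[^\n]", " ", m.group(0)), text)

def find_insecure_repos(text):
    """Return (line_number, url) for each url declaration using plain http.
    Simplification: any `url` declaration counts, not only those nested
    inside a repositories block."""
    findings = []
    for lineno, line in enumerate(strip_comments(text).splitlines(), 1):
        for m in URL_DECL.finditer(line):
            if m.group("url").lower().startswith("http://"):
                findings.append((lineno, m.group("url")))
    return findings

def to_https(text):
    """Rewrite only the flagged lines; whether the https URL actually
    resolves still has to be checked by running the build."""
    lines = text.splitlines(keepends=True)
    for lineno, url in find_insecure_repos(text):
        lines[lineno - 1] = lines[lineno - 1].replace(url, "https://" + url[7:])
    return "".join(lines)

if __name__ == "__main__":
    for lineno, url in find_insecure_repos(SAMPLE_BUILD_GRADLE):
        print(f"build.gradle:{lineno}: plain HTTP repository URL: {url}")
```
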