syncorg icon indicating copy to clipboard operation
syncorg copied to clipboard

Published 20 hours ago verified publisher icon wizmer

insecure gradlew

Open IzzySoft opened this issue 7 years ago • 0 comments

in case this project is still maintained: a minor fix would be required to increase build security. F-Droid lint complains:

Found plain HTTP URL for gradle repository:
build/com.coste.syncorg/SyncOrg/build.gradle
repositories {
    maven { url 'http://guardian.github.com/maven/repo-releases' }
gradle build uses plain HTTP URLs for repositories!  This is insecure!
https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/

Simply make that an https URL, the target supports that. Thanks!

IzzySoft avatar Oct 20 '18 19:10 IzzySoft