Bintray Blog

Feel secure with SSL? Think again.

Recently, we’ve heard a lot of discussion about the trust we place in public binary repositories. For example, Maven Central, a popular legacy repository maintained by Sonatype, was recently compromised by a successful MITM attack. In response, Sonatype set up an https access to central (removing the demand for a $10 donation to the Apache … Continued

Bintray Blog

Fight Crime with GPG

So you deliver your awesome library to hundreds of users each day, but they’re a tough bunch and they’re all like: “Hey man, we gotta see some ID” So you kneel to the whims of the rabble; you generate your GPG key pair and sign each artifact you deliver, because hell if you’re gonna let … Continued