Maven Central Security
The security of your package manager is very important to us at appcanary, and it’s important to make sure the packages you’re downloading are secure in transit.
Back in the summer of 2014, I discovered that Maven Central wasn’t using TLS or any signature verification when serving up Java packages.
I gave a talk at !!Con 2015 about what I did to help convince them to start using encryption.