Dear Bintray and JCenter Users - Here’s What You Need to Know About The Central Repository - Security Boulevard


If you’re freaking out because JFrog announced it’s sunsetting Bintray and JCenter, and are concerned about moving your Java components into The Central Repository, I want to first and foremost say – don’t worry. We’re here for you and I personally want to make sure you feel prepared for that transition. 

Based on a number of conversations taking place across social media, I wanted to address a few questions – here’s what you need to know.

  1. Central is actually two parts. The part most of the world knows as Central is where everyone downloads their Java components. This has been fronted by a highly scaled CDN for years, and it’s very infrequent that anyone has trouble consuming components. We served 345 billion components last year. OSS publishers have had some troubles with the other part of Central, which we refer to as OSSRH: a forge repo we run for projects that don’t have any other place.

    [Figure: Number of Download Requests for Java Component Release 2012 - 2020]

  2. It’s Not the OSSRH You Used to Know: Lots of less visible improvements have been made since you last deployed to http://oss.sonatype.org, probably years ago. The validation and onboarding process has been automated, making the approval of your coordinates happen much faster and, in many cases, automatically.

  3. Yes, We Do Still Validate. It’s a Matter of Safety – We started validating coordinates 16 years ago, and it isn’t going to stop. Validation of coordinates is the way that we ensure people can’t (as easily) pretend to be a project they are not.

    We recently wrote about this here. To drop those requirements is to embrace the type of easy brandjacking that happens in other repos.

  4. We’re Standing up New Infrastructure – To address the overwhelming demand we’ve seen recently, even preceding this recent announcement regarding Bintray, (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Brian Fox. Read the original post at: https://blog.sonatype.com/dear-bintray-and-jcenter-users-heres-what-you-need-to-know-about-the-central-repository