Wicked Good Development is dedicated to the future of open source. This space is to learn about the latest in the developer community and talk shop with open source software innovators and experts in the industry.

In this episode, Joel Orlina joins Kadi Grigg to provide insights and knowledge on “The Secret Life of Maven Central”, his talk given at Devoxx UK and OpenSFF Day. Joel sheds light on the previously unknown history of Maven Central and how it works under the covers. He also discusses how the Central team addresses critical security risks like dependency confusion, how it responded to security events such as Log4Shell, and most importantly, how you can get involved.

Listen to the episode

Wicked Good Development is available wherever you find your podcasts. Visit our page on Spotify’s anchor.fm

Show notes

Hosts

• Kadi Grigg – Host – (Twitter: @kadigrigg)

Panelists

• Joel Orlina- Engineering Manager at Sonatype – (Twitter: @sonatype_ops)

References

• Blind Men and an Elephant
• Nexus Repository Manager
• AWS S3 Bucket
• fastly
• AWS Elastic Beanstalk
• Bintray Sunset Announcement
• Maven Central Support Services 
• Sigstore
• OpenSFF 
• Beta Test Sign-Up 

Transcript

Kadi 0:10
Hi, my name is Kadi Grigg and welcome to another episode of Wicked Good Development where we talk shop with OSS innovators, experts in the industry and dig into what’s really happening in the developer community. 

For today’s episode, we’re joined by Joel Orlina, who’s coming to us today from Sonatype to talk about a presentation that he previously gave on “The Secret Life of Maven Central”. 

Joel, welcome back. How are you?

Joel 0:31
Fine, thank you. Nice to be here again.

Kadi 0:33
Good. So today’s all about your presentation at Devoxx UK that kind of went viral all about the secret life of Maven. So (Read more...)