Это правда?
[16:45:45]<woky> you can get user access to pretty much every Java developer in your MITMinit these days
[16:46:06]<woky> they don't give a shit =)
[16:46:57]<woky> (i'm not java developer)
[16:50:56]<L29Ah> how come?
[16:52:07]<woky> well, almost every java fuck these days use crap like maven, or maybe some other tool, but sonatype (maven fucktards) runs central Jar repository and every Java build tool uses this repo to fetch deps
[16:52:41]<woky> they were incompetent enough to make tool that dls executable code (even build tool plugins for things like "clean") without any security whatsoever
[16:52:50]<woky> and best part:
[16:53:58]<woky> this year they were finally able to add SSL but you have to pay for that =D
[16:54:41]<L29Ah> WAT
[16:54:44]<L29Ah> pay for HTTPS?
[16:54:46]<L29Ah> WAT
[16:55:12]<woky> lol yep, Java world is unbelieveably crazy,
[16:55:40]<woky> so average Java dev will just create his pom and run stuff like "mvn clean" which will download and run clean plugin (which does rm -r target but runs 5 seconds)
[16:56:19]<woky> download from insecure http://repo1.maven.org ofc