It’s just there, like the stars, electricity, and Java. In the Java world, Maven Central is the most essential single service. You can get Java SDKs, and even container images from various vendors, but Java code comes from only one place: Maven Central.
Serving over 10 billion requests a week, Maven Central is sooo boring, sooo reliable that it’s understandable that it’s mostly invisible. It’s just there.
Recently, though we’ve seen questions about the Java code hosted there, other repositories have been experiencing unprecedented attempts to upload malware. Even in the Java world, there are significant vulnerabilities that some have called to be removed. Don't miss this opportunity to deepen your understanding of the backbone of Java development.
This talk intends to give you the background of Maven Central and its philosophy of dealing with problematic content. We’ll also explore how the service works under the covers, the APIs you might not be aware of, and what’s coming up next!
Steve Poole is Director of Developer Advocacy, Security Champion, DevOps practitioner (whatever that means) Long time Java developer, leader, and evangelist. I’ve worked on Java SDKs and JVMs since Java was less than 1. JavaOne Rockstar, JSR leader and representation, Committer on open source projects, including ones at Apache, Eclipse, and OpenJDK. A seasoned speaker and regular presenter at international conferences on technical and software engineering topics.
The New York Java Special Interest Group (NYJavaSIG) is based in New York City and attracts Java developers from the tri-state region. Through its regular monthly general meetings, bi-monthly specialty workgroup meetings and its website, the NYJavaSIG brings together members of New York's Java community so they can share their tips, techniques, knowledge, and experience.