http://scalasbt.artifactoryonline.com/ is being reported with "poor" reputation by Senderbase

[Thomas Lockney]

Unfortunately, our corporate network is being filtered through a proxy to the outside world that uses Senderbase as part of its scoring system for external networks and sites. It turns out that Senderbase has scalasbt.artifactoryonline.com listed with a "poor" rating (www.artifactoryonline.com is listed as "neutral", for what it's worth). I don't know what we as a community can do to address this, but perhaps whomever manages the website/repository can look into it? 

If it helps, here's the query that shows the rating: http://www.senderbase.org/senderbase_queries/rep_lookup?search_name=http%3A%2F%2Fscalasbt.artifactoryonline.com%2F&action%3ASearch=Search

Thanks!

~thomas

[Josh Suereth]

I can't get an honest answer out of that website as to exactly what's causing this issue. I'll take it up with JFrog, see if they might have an idea.

~thomas

--
You received this message because you are subscribed to the Google Groups "simple-build-tool" group.
To view this discussion on the web visit https://groups.google.com/d/msg/simple-build-tool/-/DZGY3kHOtNAJ.
To post to this group, send email to simple-b...@googlegroups.com.
To unsubscribe from this group, send email to simple-build-t...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/simple-build-tool?hl=en.

[Josh Suereth]

I'll look into it.  That domain is given us by artifactory.  It mentions malware, so maybe it's freaking out about the unsigned EXEs for sbt?   Maybe I'll convince someone to pay MSFT lots of $$$ for a certificate (that hackers can fake, yay for security) to sign SBT's windows packages.

- Josh

On Sat, Jul 7, 2012 at 3:46 PM, Thomas Lockney <tho...@lockney.net> wrote:

~thomas

--

[Thomas Lockney]

Oh, interesting, I hadn't thought about the exe issue. That seems like
it could actually be the cause. Since I reputedly work for the same
folks reporting the site as 'poor', I'm attempting to get more
information about what's causing the score to be so low and what can
be done to resolve it. I'll let you know what I find out.

--
http://about.me/tlockney

[Josh Suereth]

Yeah... Artirfactory is the only one you can use to proxy unfortunately.  I wish that weren't the case, but hey:  If you're a nexus customer, ask Sonatype!  Those guys are pretty cool, might implement it for you.

- Josh

On Mon, Jul 9, 2012 at 12:54 PM, Thomas Lockney <tho...@lockney.net> wrote:

As it turns out, there is a remarkably simple work around we found: using https to access the repository works. In case anyone else hits this issue, it's worth recording this, which is why I'm responding to my own email.

Also, I was about to set up an internal proxy to make things nice and speedy, but we use Nexus. Unfortunately, I had not realized before that Nexus is entirely unable to proxy Ivy style repositories. Again, this is probably known by many (for that matter, I think Josh might have even told me this a couple days ago -- too many balls in the air to remember), but I thought it worth mentioning here in case others run into this. I may set up an internal Artifactory repo just for mirroring this, but I'm not sure yet if it's worth the trouble.

~thomas 

--

You received this message because you are subscribed to the Google Groups "simple-build-tool" group.

To view this discussion on the web visit https://groups.google.com/d/msg/simple-build-tool/-/XJe1CDran8QJ.

[Thomas Lockney]

Just in case anyone else was affected by this, it now looks like this has been cleared up. I contacted Senderbase support asking for an explanation of the rating. Rather than respond with much useful detail (they said an "

the domain was hosting an exploit" at some undetermined point in the past), they responded that it had been cleared up and the score updated. I just double checked and it is indeed no longer being blocked.

On Saturday, July 7, 2012 12:46:35 PM UTC-7, Thomas Lockney wrote: