How do we know we can trust the Maven Central Repository?

Question

Sorry if this question isn\'t appropriate for StackOverflow, it\'s not a coding question.

I\'m new to Maven and am curious how there can be a Maven Central Repository th

Answer 1

With anything read the Terms/Service: https://repo1.maven.org/terms.html. If you don't have a warm and fuzzy after that then you are free not to use it. There are other maven repos out there but most anyone I know in the development world uses the central repo and has never had an issue. Frankly if you don't trust any of the repos you can very well throw up you own repo (Say Artifactory).

In regards to Sonatype. They are a service company with added value and the Central Repo is more or less good will. Lots of companies out there have this business model. Say bait for a hook.