Use HTTPS everywhere we can.

[technomancy]

Disables two tests which were using an unencrypted HTTP connection to
the Central UK mirrors. I was unable to find any HTTPS mirrors, but if
one exists, it should be used and the tests re-enabled.

[xeqi]

👎 on removing mirror tests. They get written to a temp cache and never have any code loaded.

[technomancy]

The servlet-api artifact is a commonly-used dependency though. Maybe if we tested against an artifact so obscure that it's basically guaranteed never to get consumed from another codebase?

[xeqi]

The downloaded files are already "basically guaranteed never to get consumed by another codebase". The tests are setup to use a temporary directory as a local cache with :local-repo tmp-local-repo-dir. This also gets deleted each time the tests run through the clear-tmp fixture.

[technomancy]

Oh cool; I missed that. Updated the patch to reinstate the test with unencrypted mirrors.

[xeqi]

I think the mirrors need s/https/http.

[technomancy]

Yeah, you caught me in the middle of a few amends/forcepush cycles. =)

[cemerick]

I'm seeing similar test failures as Travis:

Could not transfer artifact javax.servlet:servlet-api:pom:2.5 from/to central
(https://repo1.maven.org/maven2/): Failed to transfer file:
https://repo1.maven.org/maven2/javax/servlet/servlet-api/2.5/servlet-api-2.5.pom.
Return code is: 503, ReasonPhrase:backend read error.

Browsers and curl can load that URL fine. The other is:

Access denied to: https://uk.maven.org/maven2/javax/servlet/servlet-api/2.5/servlet-api-2.5.pom,
ReasonPhrase:Use https://repo1.maven.org.

As far as Firefox is concerned, the cert for uk.maven.org is invalid (only usable with repo1).

I agree with the sentiment in the subject, but I don't want to lead people into a cert validity / connectivity policy minefield either…

[technomancy]

This is covered by #83 now.