Cleaning dependencies repositories

[amottier]

I'm trying to build Knowage-Server from source using latest stable version of Maven (3.9.4). But since Maven 3.8.1 HTTP repositories are blocked by default.

So in this pull request I tried to update all HTTP repositories to their equivalent HTTPS versions.

For some of them I took the opportunity to use more "official" repositories.

For http://repo.bidlink.cn/nexus/content/repositories/ repository that is used to download com.jamon:fdsapi artifact the HTTPS URL (https://repo.bidlink.cn/nexus/content/repositories/) provides invalid certificate. I tried to look for an alternative repository but didn't find any. I opened an issue on a related project to get help to identify an official repository and also to identify where the source code is hosted. Due to this issue I'm opening this pull request as a draft.

I have read the CLA Document and I hereby sign the CLA

[davide-zerbetto]

Thanks a lot for your input @amottier !!
Let's wait a bit for a response on com.jamon:fdsapi dependency...

[amottier]

@davide-zerbetto I'm not really optimistic about getting a reply to stevensouza/jamonapi#29

Would it be ok with you if I you if I get fdsapi-1.2.jar from https://github.com/stevensouza/jamonapi/blob/master/jamon_war/src/main/webapp/WEB-INF/lib/fdsapi-1.2.jar, published it on OW2 Nexus repository (https://repository.ow2.org/nexus/) and update this pull request to get it from there?

Of course I think the best long term solution would be to figure out a way to remove the dependency on fdsapi-1.2.jar as the project seems to be no longer actively developed.

[amottier]

@davide-zerbetto as I didn't get a response to my issue stevensouza/jamonapi#29 I upload the artifact to OW2 Nexus repository for 3rd party libraries: https://repository.ow2.org/nexus/content/repositories/3rd-party/

Would it be ok with you to get the dependency from there?

[davide-zerbetto]

@amottier it would be ok to get library from ow2 repo, but sources should be there along with binary. Could you please publish source code as well? You know: having an open source project, we should also provide sources for the libraries

[amottier]

The thing is I don't know where the source code of this specific version is hosted.

I checked the content of the repository you are currently using (http://repo.bidlink.cn/nexus/content/repositories/public/com/fdsapi/fdsapi/1.2/) looking for a jar or zip file with the sources but can't find it.

Where did you currently get the source code?

Also, as far as I know, as you don't do any modification on this library you don't have obligation to distribute the source code, you only need to make sure you include the license (BSD for fdsapi). But I might be wrong here.

[amottier]

@davide-zerbetto I did the change to get fdsapi-1.2.jar from OW2 third party repository. Is it ok for you to merge this pull request as is?

[davide-zerbetto]

@amottier regarding if it is mandatory for a dependency to have its sources publicly available, I'm not sure too, I think there is no unanimous consensus about it. Let's say that we prefer to have only dependencies with publicly available sources and, when possible, we try to remove the ones that do not meet this requirement.
For now, I'll merge you PR as it is.
Thanks.

[amottier]

@davide-zerbetto thanks a lot, I'll just rebase my commit to avoid any conflict.