giraph-dev mailing list archives

From "Olaf Flebbe (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (GIRAPH-1120) Insecure repository configuration
Date Fri, 21 Oct 2016 17:15:58 GMT

     [ https://issues.apache.org/jira/browse/GIRAPH-1120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Olaf Flebbe updated GIRAPH-1120:
--------------------------------
    Attachment: 0001-GIRAPH-1120-Insecure-repository-configuration.patch

Second try:

Remove the Maven Central line, since it is already a default path to search.
Move the Cloudera repo to the corresponding profile.
The other repositories may be removed too, since everything is in Maven Central (but who knows what esoteric profiles may need)



> Insecure repository configuration 
> ----------------------------------
>
>                 Key: GIRAPH-1120
>                 URL: https://issues.apache.org/jira/browse/GIRAPH-1120
>             Project: Giraph
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 1.3.0
>            Reporter: Olaf Flebbe
>             Fix For: 1.2.0
>
>         Attachments: 0001-GIRAPH-1120-Insecure-repository-configuration.patch, 0001-GIRAPH-1120-Insecure-repository-configuration.patch
>
>
> Hi, the repository configuration of giraph is dangerous, since it is susceptible to MITM attacks.
> {code}
> <repositories>
>     <repository>
>       <id>central</id>
>       <url>http://repo1.maven.org/maven2</url>
>       <releases>
>         <enabled>true</enabled>
>       </releases>
>     </repository>
> ...
> {code}
> If one looks closer, no repository is needed to be configured since everything from the default profile is in maven central.
> If anything from a non-default profile is not found in maven central, it should be moved to the respective profile. For instance the CDH artifact repository should be moved to the cdh hadoop_cdh4.1.2 profile.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
