You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@aurora.apache.org by "Bill Farner (JIRA)" <ji...@apache.org> on 2014/07/30 19:36:41 UTC
[jira] [Commented] (AURORA-616) Consider using gradle-witness to
verify dependencies
[ https://issues.apache.org/jira/browse/AURORA-616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14079605#comment-14079605 ]
Bill Farner commented on AURORA-616:
------------------------------------
Blocked by https://github.com/WhisperSystems/gradle-witness/issues/1
> Consider using gradle-witness to verify dependencies
> ----------------------------------------------------
>
> Key: AURORA-616
> URL: https://issues.apache.org/jira/browse/AURORA-616
> Project: Aurora
> Issue Type: Story
> Components: Build, Scheduler, Security
> Reporter: Bill Farner
> Priority: Trivial
> Labels: newbie
>
> gradle-witness \[1\] aims to provide insulation against MITM attacks via maven dependency downloads. From the looks of things, it would require a pretty small amount of upfront work and upkeep to integrate this and prevent injection of rogue code.
> \[1\] https://github.com/whispersystems/gradle-witness
--
This message was sent by Atlassian JIRA
(v6.2#6252)