You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Grant Ingersoll (JIRA)" <ji...@apache.org> on 2008/05/28 19:47:45 UTC
[jira] Created: (LUCENE-1294) Jar manifest should not contain
${user.name} of the person building
Jar manifest should not contain ${user.name} of the person building
-------------------------------------------------------------------
Key: LUCENE-1294
URL: https://issues.apache.org/jira/browse/LUCENE-1294
Project: Lucene - Java
Issue Type: Bug
Reporter: Grant Ingersoll
Assignee: Grant Ingersoll
Priority: Trivial
Not sure if it is a big deal, but I don't particularly like that my user id for my build machine is in the manifest of the JAR that I constructed. It's a stretch, security-wise, I know, but I don't see how it serves any useful purpose. We have signatures/logs/SVN tags so we know who built the particular item w/o needing to know what their local user account name is.
The fix is:
{code}
Index: common-build.xml
===================================================================
--- common-build.xml (revision 661027)
+++ common-build.xml (working copy)
@@ -281,7 +281,7 @@
<attribute name="Implementation-Title" value="org.apache.lucene"/>
<!-- impl version can be any string -->
<attribute name="Implementation-Version"
- value="${version} ${svnversion} - ${user.name} - ${DSTAMP} ${TSTAMP}"/>
+ value="${version} ${svnversion} - ${DSTAMP} ${TSTAMP}"/>
<attribute name="Implementation-Vendor"
value="The Apache Software Foundation"/>
<attribute name="X-Compile-Source-JDK"
{code}
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: java-dev-help@lucene.apache.org
[jira] Resolved: (LUCENE-1294) Jar manifest should not contain
${user.name} of the person building
Posted by "Grant Ingersoll (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/LUCENE-1294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Grant Ingersoll resolved LUCENE-1294.
-------------------------------------
Resolution: Fixed
Fix Version/s: 2.4
Lucene Fields: [Patch Available] (was: [Patch Available, New])
> Jar manifest should not contain ${user.name} of the person building
> -------------------------------------------------------------------
>
> Key: LUCENE-1294
> URL: https://issues.apache.org/jira/browse/LUCENE-1294
> Project: Lucene - Java
> Issue Type: Bug
> Reporter: Grant Ingersoll
> Assignee: Grant Ingersoll
> Priority: Trivial
> Fix For: 2.4
>
>
> Not sure if it is a big deal, but I don't particularly like that my user id for my build machine is in the manifest of the JAR that I constructed. It's a stretch, security-wise, I know, but I don't see how it serves any useful purpose. We have signatures/logs/SVN tags so we know who built the particular item w/o needing to know what their local user account name is.
> The fix is:
> {code}
> Index: common-build.xml
> ===================================================================
> --- common-build.xml (revision 661027)
> +++ common-build.xml (working copy)
> @@ -281,7 +281,7 @@
> <attribute name="Implementation-Title" value="org.apache.lucene"/>
> <!-- impl version can be any string -->
> <attribute name="Implementation-Version"
> - value="${version} ${svnversion} - ${user.name} - ${DSTAMP} ${TSTAMP}"/>
> + value="${version} ${svnversion} - ${DSTAMP} ${TSTAMP}"/>
> <attribute name="Implementation-Vendor"
> value="The Apache Software Foundation"/>
> <attribute name="X-Compile-Source-JDK"
> {code}
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: java-dev-help@lucene.apache.org
[jira] Commented: (LUCENE-1294) Jar manifest should not contain
${user.name} of the person building
Posted by "Doug Cutting (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/LUCENE-1294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12601336#action_12601336 ]
Doug Cutting commented on LUCENE-1294:
--------------------------------------
I too always felt this a feature, albeit a minor one.
> Jar manifest should not contain ${user.name} of the person building
> -------------------------------------------------------------------
>
> Key: LUCENE-1294
> URL: https://issues.apache.org/jira/browse/LUCENE-1294
> Project: Lucene - Java
> Issue Type: Bug
> Reporter: Grant Ingersoll
> Assignee: Grant Ingersoll
> Priority: Trivial
> Fix For: 2.4
>
>
> Not sure if it is a big deal, but I don't particularly like that my user id for my build machine is in the manifest of the JAR that I constructed. It's a stretch, security-wise, I know, but I don't see how it serves any useful purpose. We have signatures/logs/SVN tags so we know who built the particular item w/o needing to know what their local user account name is.
> The fix is:
> {code}
> Index: common-build.xml
> ===================================================================
> --- common-build.xml (revision 661027)
> +++ common-build.xml (working copy)
> @@ -281,7 +281,7 @@
> <attribute name="Implementation-Title" value="org.apache.lucene"/>
> <!-- impl version can be any string -->
> <attribute name="Implementation-Version"
> - value="${version} ${svnversion} - ${user.name} - ${DSTAMP} ${TSTAMP}"/>
> + value="${version} ${svnversion} - ${DSTAMP} ${TSTAMP}"/>
> <attribute name="Implementation-Vendor"
> value="The Apache Software Foundation"/>
> <attribute name="X-Compile-Source-JDK"
> {code}
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: java-dev-help@lucene.apache.org
[jira] Commented: (LUCENE-1294) Jar manifest should not contain
${user.name} of the person building
Posted by "Hoss Man (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/LUCENE-1294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12601333#action_12601333 ]
Hoss Man commented on LUCENE-1294:
----------------------------------
FWIW: I included it originally because i've definitely seen value in the past when you can look at an artifact and ask "who built this? where did it come from?" ... maybe not so much for official releases but i've been in enough positions where organizations build their own artifacts from source and later you want to know who built it so you can double check with them how they did it (because you think they screwed something up)
I believe maven actually forcibly puts the build user in every manifest file, so it's not like we were in bleeding edge territory or anything.
> Jar manifest should not contain ${user.name} of the person building
> -------------------------------------------------------------------
>
> Key: LUCENE-1294
> URL: https://issues.apache.org/jira/browse/LUCENE-1294
> Project: Lucene - Java
> Issue Type: Bug
> Reporter: Grant Ingersoll
> Assignee: Grant Ingersoll
> Priority: Trivial
> Fix For: 2.4
>
>
> Not sure if it is a big deal, but I don't particularly like that my user id for my build machine is in the manifest of the JAR that I constructed. It's a stretch, security-wise, I know, but I don't see how it serves any useful purpose. We have signatures/logs/SVN tags so we know who built the particular item w/o needing to know what their local user account name is.
> The fix is:
> {code}
> Index: common-build.xml
> ===================================================================
> --- common-build.xml (revision 661027)
> +++ common-build.xml (working copy)
> @@ -281,7 +281,7 @@
> <attribute name="Implementation-Title" value="org.apache.lucene"/>
> <!-- impl version can be any string -->
> <attribute name="Implementation-Version"
> - value="${version} ${svnversion} - ${user.name} - ${DSTAMP} ${TSTAMP}"/>
> + value="${version} ${svnversion} - ${DSTAMP} ${TSTAMP}"/>
> <attribute name="Implementation-Vendor"
> value="The Apache Software Foundation"/>
> <attribute name="X-Compile-Source-JDK"
> {code}
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: java-dev-help@lucene.apache.org