Posted to issues@aurora.apache.org by "Vladimir Sitnikov (Jira)" <ji...@apache.org> on 2019/09/08 21:29:00 UTC
[jira] [Created] (AURORA-1997) Consider using checksum-dependency-plugin for dependency verification
Vladimir Sitnikov created AURORA-1997:
-----------------------------------------
Summary: Consider using checksum-dependency-plugin for dependency verification
Key: AURORA-1997
URL: https://issues.apache.org/jira/browse/AURORA-1997
Project: Aurora
Issue Type: Story
Components: Build, Scheduler, Security
Reporter: Vladimir Sitnikov
gradle-witness [1] aims to provide insulation against MITM attacks via maven dependency downloads. From the looks of things, it would require a pretty small amount of upfront work and upkeep to integrate this and prevent injection of rogue code.
[1] https://github.com/whispersystems/gradle-witness
--
This message was sent by Atlassian Jira
(v8.3.2#803003)