Posted to issues@drill.apache.org by "Dmytriy Grinchenko (JIRA)" <ji...@apache.org> on 2019/07/29 07:57:00 UTC

[jira] [Commented] (DRILL-7270) Fix non-https dependency urls and add checksum checks

    [ https://issues.apache.org/jira/browse/DRILL-7270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16895032#comment-16895032 ] 

Dmytriy Grinchenko commented on DRILL-7270:
-------------------------------------------

Most changes have been done and tested in the attached branch "[DRILL-7270 Working branch|https://github.com/dgrinchenko/drill/commits/DRILL-7270]". However, several repositories failed to provide a proper https certificate, which causes artifact download issues. After introducing jitpack, only one repo is left, and I'm working to verify whether we still need to use this repo.

Meanwhile, a request to fix the https certificate has been posted to the repository owner.

> Fix non-https dependency urls and add checksum checks
> -----------------------------------------------------
>
>                 Key: DRILL-7270
>                 URL: https://issues.apache.org/jira/browse/DRILL-7270
>             Project: Apache Drill
>          Issue Type: Task
>          Components: Security
>    Affects Versions: 1.16.0
>            Reporter: Arina Ielchiieva
>            Assignee: Dmytriy Grinchenko
>            Priority: Major
>             Fix For: 1.17.0
>
>
> Review any build scripts and configurations for insecure urls and make appropriate fixes to use secure urls.
> Projects like Lucene do checksum whitelists of all their build dependencies, and you may wish to consider that as a
> protection against threats beyond just MITM.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
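
The two checks the issue description asks for, as an added example that is not part of the original message or of Apache Drill's build: a scan of a Maven POM for repository URLs that are not https, and a SHA-256 allowlist check that rejects both altered and unpinned artifacts. The POM fragment, repository hosts, artifact names and function names are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample POM fragment (not taken from Apache Drill's build files).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <repositories>
    <repository><id>example-secure</id><url>https://repo.example.org/maven2</url></repository>
    <repository><id>example-plain</id><url>http://repo.example.org/legacy</url></repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository><id>example-plugins</id><url>http://plugins.example.org/m2</url></pluginRepository>
  </pluginRepositories>
</project>"""

def local(tag):
    """Strip the XML namespace so the scan works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def insecure_repositories(pom_text):
    """Return (id, url) for every repository or pluginRepository not using https."""
    findings = []
    for elem in ET.fromstring(pom_text).iter():
        if local(elem.tag) not in ("repository", "pluginRepository"):
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in elem}
        url = fields.get("url", "")
        if not url.lower().startswith("https://"):
            findings.append((fields.get("id", "?"), url))
    return findings

def verify_artifacts(artifacts, allowlist):
    """Compare the SHA-256 of each artifact's bytes with its pinned value.

    Returns the names that are unlisted or whose digest differs; both fail the build.
    """
    rejected = []
    for name, data in artifacts.items():
        digest = hashlib.sha256(data).hexdigest()
        if allowlist.get(name) != digest:
            rejected.append(name)
    return sorted(rejected)

# Constructed artifacts: the byte strings stand in for downloaded jar contents.
ARTIFACTS = {"lib-a-1.0.jar": b"original bytes", "lib-b-2.0.jar": b"tampered bytes",
             "lib-c-3.0.jar": b"never pinned"}
ALLOWLIST = {"lib-a-1.0.jar": hashlib.sha256(b"original bytes").hexdigest(),
             "lib-b-2.0.jar": hashlib.sha256(b"expected bytes").hexdigest()}

if __name__ == "__main__":
    print(insecure_repositories(SAMPLE_POM))
    print(verify_artifacts(ARTIFACTS, ALLOWLIST))
```

The allowlist check is what covers the "threats beyond just MITM" case in the description: an artifact replaced at the repository itself arrives over a valid https connection but still fails the pinned digest.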