Issue Details (XML | Word | Printable)

Key: LUCENE-1294
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Trivial Trivial
Assignee: Grant Ingersoll
Reporter: Grant Ingersoll
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Lucene - Java

Jar manifest should not contain ${user.name} of the person building

Created: 28/May/08 05:47 PM   Updated: 11/Oct/08 12:49 PM
Return to search
Component/s: None
Affects Version/s: None
Fix Version/s: 2.4

Time Tracking:
Not Specified

Lucene Fields: Patch Available
Resolution Date: 30/May/08 11:11 AM


 Description  « Hide
Not sure if it is a big deal, but I don't particularly like that my user id for my build machine is in the manifest of the JAR that I constructed. It's a stretch, security-wise, I know, but I don't see how it serves any useful purpose. We have signatures/logs/SVN tags so we know who built the particular item w/o needing to know what their local user account name is.

The fix is:

Index: common-build.xml
===================================================================
--- common-build.xml    (revision 661027)
+++ common-build.xml    (working copy)
@@ -281,7 +281,7 @@
                <attribute name="Implementation-Title" value="org.apache.lucene"/>
                <!-- impl version can be any string -->
                <attribute name="Implementation-Version"
-                          value="${version} ${svnversion} - ${user.name} - ${DSTAMP} ${TSTAMP}"/>
+                          value="${version} ${svnversion} - ${DSTAMP} ${TSTAMP}"/>
                <attribute name="Implementation-Vendor"
                           value="The Apache Software Foundation"/>
                <attribute name="X-Compile-Source-JDK"

 All   Comments   Work Log   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Hoss Man added a comment - 31/May/08 03:12 AM
FWIW: I included it originally because i've definitely seen value in the past when you can look at an artifact and ask "who built this? where did it come from?" ... maybe not so much for official releases but i've been in enough positions where organizations build their own artifacts from source and later you want to know who built it so you can double check with them how they did it (because you think they screwed something up)

I believe maven actually forcibly puts the build user in every manifest file, so it's not like we were in bleeding edge territory or anything.


[ Permlink | « Hide ]
Doug Cutting added a comment - 31/May/08 03:32 AM
I too always felt this a feature, albeit a minor one.


Powered by a free Atlassian JIRA open source license for Apache Software Foundation. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators