[GIRAPH-1120] Insecure repository configuration - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.3.0
Fix Version/s: 1.3.0
Component/s: build
Labels:
None

Description

Hi, the repository configuration of giraph is dangerous, since it is susceptible for mitm attacks.

<repositories>
    <repository>
      <id>central</id>
      <url>http://repo1.maven.org/maven2</url>
      <releases>
        <enabled>true</enabled>
      </releases>
    </repository>
...

If one looks closer, no repository is needed to be configured since everything from the default profile is in maven central.

If anything from a non-default profile is not found in maven central, it should be moved to the respective profile. For instance the CDH artifact repository should be moved to the cdh hadoop_cdh4.1.2 profile.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0001-GIRAPH-1120-Insecure-repository-configuration.patch
21/Oct/16 17:15
2 kB
Olaf Flebbe
0001-GIRAPH-1120-Insecure-repository-configuration.patch
11/Oct/16 05:38
1.0 kB
Olaf Flebbe

Activity

People

Assignee:: Unassigned

Reporter:: Olaf Flebbe

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/Oct/16 05:30

Updated:: 21/Oct/16 23:48