[ZOOKEEPER-2594] Use TLS for downloading artifacts during build - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 3.4.9, 3.5.2
Fix Version/s: 3.4.10, 3.5.3, 3.6.0
Component/s: build
Labels:
- security

Hadoop Flags:

Reviewed

Description

Zookeeper builds are downloading dependencies using the insecure http:// protocol.

An outdated java.net repository can be removed now, since its content is now on maven.org.

The https://repo2.maven.org cannot be used, since its certificate is invalid. Use repo1.maven.org instead (IMHO this is intentional).

Appended you'll find a proposed patch (against git head) to fix these issues, for a starter.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

ZOOKEEPER-2594.patch
20/Sep/16 04:05
2 kB
Patrick D. Hunt
compile.log
20/Sep/16 05:41
8 kB
Olaf Flebbe
0001-ZOOKEEPER-2594-Use-TLS-for-downloading.patch
19/Sep/16 19:08
3 kB
Olaf Flebbe
0001-ZOOKEEPER-2594-Use-TLS-for-downloading.patch
25/Sep/16 15:46
3 kB
Olaf Flebbe
0001-ZOOKEEPER-2594-Use-TLS-for-downloading.patch
02/Oct/16 08:09
3 kB
Olaf Flebbe

Activity

People

Assignee:: Olaf Flebbe

Reporter:: Olaf Flebbe

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 19/Sep/16 19:06

Updated:: 31/Mar/17 09:01

Resolved:: 05/Oct/16 16:33