[ https://issues.apache.org/jira/browse/GIRAPH-1120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Olaf Flebbe updated GIRAPH-1120:
--------------------------------
Attachment: 0001-GIRAPH-1120-Insecure-repository-configuration.patch
Second try:
Remove the Maven Central line, since it is already a default path to search.
Move the cloudera repo to the corresponding profile.
The other repositories may be removed too, since everything is in maven central
(but who knows what esoteric profiles may need)
> Insecure repository configuration
> ----------------------------------
>
> Key: GIRAPH-1120
> URL: https://issues.apache.org/jira/browse/GIRAPH-1120
> Project: Giraph
> Issue Type: Bug
> Components: build
> Affects Versions: 1.3.0
> Reporter: Olaf Flebbe
> Fix For: 1.2.0
>
> Attachments:
> 0001-GIRAPH-1120-Insecure-repository-configuration.patch,
> 0001-GIRAPH-1120-Insecure-repository-configuration.patch
>
>
> Hi, the repository configuration of Giraph is dangerous, since it is
> susceptible to MITM attacks.
> {code}
> <repositories>
>   <repository>
>     <id>central</id>
>     <url>http://repo1.maven.org/maven2</url>
>     <releases>
>       <enabled>true</enabled>
>     </releases>
>   </repository>
> ...
> {code}
> If one looks closer, no repository needs to be configured, since
> everything from the default profile is in Maven Central.
> If anything from a non-default profile is not found in maven central, it
> should be moved to the respective profile. For instance the CDH artifact
> repository should be moved to the cdh hadoop_cdh4.1.2 profile.