gerlowskija commented on PR #1832:
URL: https://github.com/apache/solr/pull/1832#issuecomment-1671886686

   > this just seems like a terrible way to do this. We shouldn't even run tests this way on Mac. It gives a false sense of security that things are working when they really aren't.
   
   I guess where I differ is on the "false sense of security" thing.  It'd be 
nearly impossible for users not to get the message: our release notes have 
warnings about this, the bug surfaces immediately upon starting Solr, etc.  Any 
admin doing any due diligence is going to catch this right away.
   
   I totally agree it's a bad user experience for the folks who have to hit the 
bug the hard way, but it's probably safer than doing something more 
comprehensive like disabling Security Manager for folks without their explicit 
intervention and then hoping they see whatever message we log about that.
   
   If I'm being overly cautious and am the minority there, I'm happy to add 
some `bin/solr` level fix to this PR (assuming that's what you had in mind 
@risdenk).  But wanted to call out what seems like at least a potential 
security risk.
   
   (And even with a `bin/solr` level change if we go that route, I think we'd 
still need the gradle-level change in this PR to keep our JUnit tests in line 
with "real" packaged deployments?)
   
   
   
   

