[
https://issues.apache.org/jira/browse/IMPALA-3185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16661461#comment-16661461
]
Tim Armstrong commented on IMPALA-3185:
---------------------------------------
We download everything over https now afaik so this is less of an issue. It
would be nice to verify hashes since that would catch various errors but this
is less critical.
> Toolchain should not trust downloads
> ------------------------------------
>
> Key: IMPALA-3185
> URL: https://issues.apache.org/jira/browse/IMPALA-3185
> Project: IMPALA
> Issue Type: Improvement
> Components: Infrastructure
> Affects Versions: Impala 2.5.0
> Reporter: Jim Apple
> Priority: Major
> Labels: security
>
> According to https://issues.cloudera.org/browse/IMPALA-3184 , the toolchain
> downloads things from the public internet over ftp. It should only use
> encrypted connections like sftp and it should check hashes when possible.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org
