capistrant commented on PR #18227: URL: https://github.com/apache/druid/pull/18227#issuecomment-3054036497
> Does the ranger extension really use `kafka-clients` or is that getting pulled in extraneously? If it's unnecessary, it's better to exclude `kafka-clients` than to add a CVE suppression. I'll dig into the question on the kafka-clients. I'm skeptical that it actually needs the dependency, but will try to get a definitive answer here. I know ranger has functionality to produce to kafka as an audit mechanism, but I feel like that is more so related to the actual ranger service that this extension is hooking into for auth -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
