[
https://issues.apache.org/jira/browse/PIRK-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15565699#comment-15565699
]
ASF GitHub Bot commented on PIRK-45:
------------------------------------
Github user tellison commented on a diff in the pull request:
https://github.com/apache/incubator-pirk/pull/107#discussion_r82813654
--- Diff: src/main/java/org/apache/pirk/query/wideskies/Query.java ---
@@ -26,41 +26,51 @@
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Consumer;
+import com.google.gson.annotations.Expose;
import org.apache.pirk.encryption.ModPowAbstraction;
import org.apache.pirk.serialization.Storable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Class to hold the PIR query vectors
- *
*/
+
public class Query implements Serializable, Storable
--- End diff --
I assume we can also drop ```implements Serializable``` now too, right?
This instance, and friends elsewhere.
> Remove dependency on Java serialization
> ---------------------------------------
>
> Key: PIRK-45
> URL: https://issues.apache.org/jira/browse/PIRK-45
> Project: PIRK
> Issue Type: Improvement
> Reporter: Tim Ellison
> Assignee: Walter Ray-Dulany
>
> Pirk should not depend upon Java serialization as a persistent object format.
> Maintaining support for a variety of versions of Java serialized form can be
> difficult, this includes both the querier and responder sides of a PIR.
> Alternative formats such as XML and JSON are more forgiving/extensible.
> Furthermore, and despite Pirk's trust between querier and responder, there
> are potential implications for loading the binary representation of Java's
> serialized instances as a vector for security vulnerabilities.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
