pjfanning opened a new issue, #149: URL: https://github.com/apache/incubator-resilientdb/issues/149
Shouldn't these files be generated uniquely by the build as opposed to having hardcoded files checked in. Couldn't it be a security issue if someone deploys your app and uses these keys or certs? It is not ideal to include any binary files in a release of an Apache project. Reviewers will find them and start asking why they are there. You cannot include compiled artifacts in a source release so ASF contributors are looking for binary files to see if there is anything untoward. ``` ./scripts/deploy/data/cert/node6.key.key.pri ./scripts/deploy/data/cert/node6.key.key.pub ./scripts/deploy/data/cert/node6.key.pri ./scripts/deploy/data/cert/node6.key.pub ./scripts/deploy/data/cert/node7.key.key.pri ./scripts/deploy/data/cert/node7.key.key.pub ./scripts/deploy/data/cert/node7.key.pri ./scripts/deploy/data/cert/node7.key.pub ./scripts/deploy/data/cert/node8.key.key.pri ./scripts/deploy/data/cert/node8.key.key.pub ./scripts/deploy/data/cert/node8.key.pri ./scripts/deploy/data/cert/node8.key.pub ./scripts/deploy/data/cert/node9.key.key.pri ./scripts/deploy/data/cert/node9.key.key.pub ./scripts/deploy/data/cert/node9.key.pri ./scripts/deploy/data/cert/node9.key.pub ./service/tools/data/cert/node6.key.key.pri ./service/tools/data/cert/node6.key.key.pub ./service/tools/data/cert/node6.key.pri ./service/tools/data/cert/node6.key.pub ./service/tools/data/cert/node7.key.key.pri ./service/tools/data/cert/node7.key.key.pub ./service/tools/data/cert/node7.key.pri ./service/tools/data/cert/node7.key.pub ./service/tools/data/cert/node8.key.key.pri ./service/tools/data/cert/node8.key.key.pub ./service/tools/data/cert/node8.key.pri ./service/tools/data/cert/node8.key.pub ./service/tools/data/cert/node9.key.key.pri ./service/tools/data/cert/node9.key.key.pub ./service/tools/data/cert/node9.key.pri ./service/tools/data/cert/node9.key.pub ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
