[
https://issues.apache.org/jira/browse/HADOOP-15832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16645768#comment-16645768
]
Robert Kanter commented on HADOOP-15832:
----------------------------------------
Good point [[email protected]], I hadn't thought about that. It looks like we
already have a notification about crypto export stuff in the README.txt
([https://github.com/apache/hadoop/blob/trunk/README.txt).]) and we need to
simply append some details to the bottom, right?
{noformat}
...
The following provides more details on the included cryptographic
software:
Hadoop Core uses the SSL libraries from the Jetty project written
by mortbay.org.
Hadoop Yarn Server Web Proxy uses the BouncyCastle Java
cryptography APIs written by the Legion of the Bouncy Castle Inc.
{noformat}
[[email protected]], does that sound good? Anything else that's needed? I
can make an addendum patch.
> Upgrade BouncyCastle to 1.60
> ----------------------------
>
> Key: HADOOP-15832
> URL: https://issues.apache.org/jira/browse/HADOOP-15832
> Project: Hadoop Common
> Issue Type: Improvement
> Affects Versions: 3.3.0
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Priority: Major
> Fix For: 3.3.0
>
> Attachments: HADOOP-15832.001.patch
>
>
> As part of my work on YARN-6586, I noticed that we're using a very old
> version of BouncyCastle:
> {code:xml}
> <dependency>
> <groupId>org.bouncycastle</groupId>
> <artifactId>bcprov-jdk16</artifactId>
> <version>1.46</version>
> <scope>test</scope>
> </dependency>
> {code}
> The *-jdk16 artifacts have been discontinued and are not recommended (see
> [http://bouncy-castle.1462172.n4.nabble.com/Bouncycaslte-bcprov-jdk15-vs-bcprov-jdk16-td4656252.html]).
>
> In particular, the newest release, 1.46, is from {color:#FF0000}2011{color}!
> [https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk16]
> The currently maintained and recommended artifacts are *-jdk15on:
> [https://www.bouncycastle.org/latest_releases.html]
> They're currently on version 1.60, released only a few months ago.
> We should update BouncyCastle to the *-jdk15on artifacts and the 1.60
> release. It's currently a test-only artifact, so there should be no
> backwards-compatibility issues with updating this. It's also needed for
> YARN-6586, where we'll actually be shipping it.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
