[ https://issues.apache.org/jira/browse/HADOOP-11906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14529703#comment-14529703 ]

Sean Busbey commented on HADOOP-11906:
--------------------------------------

We're already executing arbitrary changes to the maven pom, which can easily 
call arbitrary shell commands. I'd say vulnerabilities in the GNU file command 
are obviated by the security concerns inherent in what we're already doing.

> test-patch.sh should use 'file' command for patch determinism
> -------------------------------------------------------------
>
>                 Key: HADOOP-11906
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11906
>             Project: Hadoop Common
>          Issue Type: Test
>            Reporter: Allen Wittenauer
>            Assignee: Sean Busbey
>
> test-patch.sh currently restricts patches to the extension .patch.  It might 
> be useful to also check if the file command says it is a diff.  This would 
> allow us to determine if files that end in .txt are actually patches.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
