Hi,

This is hilarious, exim is not installed by bigtop. I advised him not to use java at all, since it has a much larger attack surface.
I will not feed him with more.

Olaf

> On 13.03.2016 at 05:30, Roman Shaposhnik <[email protected]> wrote:
>
> Hi!
>
> our good friend Eric Yang has been at it again: spreading
> FUD about Bigtop: https://s.apache.org/KglM
>
> Nothing new, aside from this quote:
> ====================================================
> Bigtop contains /lib/lsb/init-functions which will import redhat-lsb-core
> which imports exim. Exim is known for common root escalation
> vulnerability. If you value your cluster security, I would recommend to
> think twice before using BigTop.
> ====================================================
>
> Could someone who's dealt with security for real (Olaf -- your
> name came to mind immediately) please comment on that
> JIRA thread?
>
> Typically I wouldn't feed Eric 'the troll' Yang, but I think having
> this type of allegation in a public record could be pretty bad for
> us.
>
> Thanks,
> Roman.
