On Sun, Mar 13, 2016 at 06:52PM, Olaf Flebbe wrote:
> Hi,
>
> This is hilarious, exim is not installed by bigtop. I advised him not to use
> java at all, since it has a much larger attack surface.

Check and mate! Well done, and thanks for weighing in! I guess we can put it at rest, as his complaints will go on forever, as we can already see in that JIRA. Perhaps, he should install some gvmt approved version of Windows and be happy with that. RIP

Cos

> I will not feed him with more.
>
> Olaf
>
>
>
> On 13.03.2016 at 05:30, Roman Shaposhnik <[email protected]> wrote:
> >
> > Hi!
> >
> > our good friend Eric Yang has been at it again: spreading
> > FUD about Bigtop: https://s.apache.org/KglM
> >
> > Nothing new, aside from this quote:
> > ====================================================
> > Bigtop contains /lib/lsb/init-functions which will import redhat-lsb-core
> > which imports exim. Exim is known for common root escalation
> > vulnerability. If you value your cluster security, I would recommend to
> > think twice before using BigTop.
> > ====================================================
> >
> > Could someone who's dealt with security for real (Olaf -- your
> > name came to mind immediately) please comment on that
> > JIRA thread?
> >
> > Typically I wouldn't feed Eric 'the troll' Yang, but I think having
> > this type of allegation in a public record could be pretty bad for
> > us.
> >
> > Thanks,
> > Roman.
>
