OK, I see that embedded-redis.jar is only used in the test scope, so this isn't really relevant to the convenience binaries. But I cannot in good conscience allow my NiFi users to execute these unit tests if they want to build on my corporate network.
-- Mike On Wed, Jul 19, 2017 at 2:19 PM, Michael Moser <[email protected]> wrote: > Whoa, this causes serious concerns for me. While I can understand > that the source code is the official ASF artifact, the nifi.apache.org > site provides convenience binaries which I'm sure many people use. > When NiFi 1.4.0 releases, we should write very conspicuous warnings on > the Downloads page to advise users about this. > > -- Mike > > > On Wed, Jul 19, 2017 at 2:04 PM, Joe Witt <[email protected]> wrote: >> It is not a problem. It would be an issue if those were part of our >> source release which is the official apache release artifact. >> >> >> >> On Wed, Jul 19, 2017 at 1:58 PM, Joe Skora <[email protected]> wrote: >>> I noticed a new jar dependency for Redis includes binaries. >>> >>> $ jar -xf >>>> ~/.m2/repository/com/github/kstyrc/embedded-redis/0.6/embedded-redis-0.6.jar >>>> $ ls -l >>>> total 6292 >>>> drwxr-xr-x. 3 user1 users 36 Apr 12 2015 META-INF/ >>>> drwxr-xr-x. 3 user1 users 21 Apr 12 2015 redis/ >>>> -rw-r--r--. 1 user1 users 4236300 Apr 12 2015 redis-server-2.8.19 >>>> -rw-r--r--. 1 user1 users 806944 Apr 12 2015 redis-server-2.8.19.app >>>> -rw-r--r--. 1 user1 users 1392640 Apr 12 2015 redis-server-2.8.19.exe >>>> $ file redis-server* >>>> redis-server-2.8.19: ELF 64-bit LSB executable, x86-64, version 1 >>>> (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, >>>> BuildID[sha1]=c59ab61e1d5b94e26d079b04e9e593b6be3f0230, not stripped >>>> redis-server-2.8.19.app: Mach-O 64-bit executable >>>> redis-server-2.8.19.exe: PE32+ executable (console) x86-64, for MS Windows >>>> >>> >>> So, installing NiFi will include externally built binaries, not just >>> scripts but full ELF, MacOS, and Windows PE binaries. >>> >>> Is this a problem for Apache? Does this cause concern for anyone else? >>> >>> Regards, >>> Joe
