Abhishekmishra2808 commented on issue #556: URL: https://github.com/apache/tooling-trusted-releases/issues/556#issuecomment-3770093997
Hi @andrewmusselman, I have just introduced myself on the dev@tooling mailing list (as Abhishek Mishra) and wanted to claim this issue. I’ve reviewed the requirements in the description and have a clear plan to address the L1 Security/SSL concerns: - Narrow Exceptions: Replace the broad except Exception in jwtoken.py with specific aiohttp.ClientError and asyncio.TimeoutError blocks. - Increase Timeout: Bump the discovery timeout from 5s to 10s. - Explicit Logging: Add log.error calls for SSL/connection failures so they are no longer silent. - Error Propagation: Ensure ASFQuartException is raised correctly to prevent insecure fallbacks. I’m ready to submit a PR for review—could you please assign this to me? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
