[
https://issues.apache.org/jira/browse/ZOOKEEPER-1604?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15179013#comment-15179013
]
Eric Yang commented on ZOOKEEPER-1604:
--------------------------------------
There are 4 people expressed interest to keep this in source code. Yet,
Cloudera push in changes regardless of people protest against this issue. This
is a sad day for Apache community. In addition, Bigtop contains
/lib/lsb/init-functions which will import redhat-lsb-core which imports exim.
Exim is known for common root escalation vulnerability. If you value your
cluster security, I would recommend to think twice before using BigTop.
> remove rpm/deb/... packaging
> ----------------------------
>
> Key: ZOOKEEPER-1604
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1604
> Project: ZooKeeper
> Issue Type: Task
> Components: build
> Affects Versions: 3.3.0
> Reporter: Patrick Hunt
> Assignee: Chris Nauroth
> Fix For: 3.5.2, 3.6.0
>
> Attachments: ZOOKEEPER-1604.001.patch, ZOOKEEPER-1604.patch
>
>
> Remove rpm/deb/... packaging from our source repo. Now that BigTop is
> available and fully supporting ZK it's no longer necessary for us to attempt
> to include this.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
