Olaf Flebbe commented on ZOOKEEPER-2594:

Regarding Tests: One cannot state a difference in the PreCommit Output since 
the artifacts have been cached by previous runs of the build.  In order to see 
the patch working one has to create a clean working environment. I am attaching 
a compile.log where you can see the  https:// URI rather http://

> Use TLS for downloading artifacts during build
> ----------------------------------------------
>                 Key: ZOOKEEPER-2594
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2594
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: build
>    Affects Versions: 3.4.9, 3.5.2
>            Reporter: Olaf Flebbe
>            Assignee: Olaf Flebbe
>            Priority: Blocker
>              Labels: security
>             Fix For: 3.4.10, 3.5.3, 3.6.0
>         Attachments: 0001-ZOOKEEPER-2594-Use-TLS-for-downloading.patch, 
> ZOOKEEPER-2594.patch, compile.log
> Zookeeper builds are downloading dependencies using the insecure http:// 
> protocol. 
> An outdated java.net repository can be removed now, since its content is now 
> on maven.org.
> The https://repo2.maven.org cannot be used, since its certificate is invalid. 
> Use repo1.maven.org instead (IMHO this is intentional).
> Appended you'll find a proposed patch (against git head) to fix these issues, 
> for a starter.

This message was sent by Atlassian JIRA

Reply via email to