kou commented on PR #34048: URL: https://github.com/apache/arrow/pull/34048#issuecomment-1423724786
Upgrading aws-sdk-cpp doesn't solve the problem. > Could we bundle openssl rather than require it from the system? I think the answer from last time I asked this was "no because security", but also as I understand it, the python wheels include openssl in them. Hmm. I want to stop bundling OpenSSL in wheel because we can't release a fixed version in a timely manner for now. For example, we released 10.0.1 for https://nvd.nist.gov/vuln/detail/CVE-2022-3786 . CVE-2022-3786 was published on 2022-11-01, the 10.0.1 vote https://lists.apache.org/thread/rlkrj9lnfmwgn7kq8hvmzf06l5z6w30k was started on 2022-11-17 and the vote was carried on 2022-11-23 https://lists.apache.org/thread/ozo2k7l7jhc0wj3wsrpqgsvy4fosprv8 . Anyway, I try bundling OpenSSL. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
