[
https://issues.apache.org/jira/browse/HDFS-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14507663#comment-14507663
]
Ravi Prakash commented on HDFS-3135:
------------------------------------
I just read
http://www.vitavonni.de/blog/201503/2015031201-the-sad-state-of-sysadmin-in-the-age-of-containers.html
. Among other things, it reminded me of this issue also. We don't use https
(even though the URL works with it) for downloading. I would be inclined to
simply copy the tomcat tarball into the git repo.
https://wiki.apache.org/hadoop/HowToRelease doesn't call out any special
precautions for pulling in these dependencies either.
I wish I understood Maven dependency management more and the security
implications. Any ideas, pointers and thoughts would be welcome.
> Build a war file for HttpFS instead of packaging the server (tomcat) along
> with the application.
> ------------------------------------------------------------------------------------------------
>
> Key: HDFS-3135
> URL: https://issues.apache.org/jira/browse/HDFS-3135
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: build
> Affects Versions: 0.23.2
> Reporter: Ravi Prakash
> Labels: build
>
> There are several reason why web applications should not be packaged along
> with the server that is expected to serve them. For one not all organisations
> use vanilla tomcat. There are other reasons I won't go into.
> I'm filing this bug because some of our builds failed in trying to download
> the tomcat.tar.gz file. We then had to manually wget the file and place it in
> downloads/ to make the build pass. I suspect the download failed because of
> an overloaded server (Frankly, I don't really know). If someone has ideas,
> please share them.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
