Vladimir Sitnikov created AURORA-1997:
-----------------------------------------

             Summary: Consider using checksum-dependency-plugin for dependency verification
                 Key: AURORA-1997
                 URL: https://issues.apache.org/jira/browse/AURORA-1997
             Project: Aurora
          Issue Type: Story
          Components: Build, Scheduler, Security
            Reporter: Vladimir Sitnikov


gradle-witness [1] aims to provide insulation against MITM attacks via Maven
dependency downloads.  From the looks of things, it would require a pretty
small amount of upfront work and upkeep to integrate this and prevent injection
of rogue code.

[1] https://github.com/whispersystems/gradle-witness



--
This message was sent by Atlassian Jira
(v8.3.2#803003)
