[jira] [Updated] (AURORA-616) Consider using gradle-witness to verify dependencies

Kevin Sweeney (JIRA) Tue, 29 Jul 2014 12:07:17 -0700

     [ 
https://issues.apache.org/jira/browse/AURORA-616?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Kevin Sweeney updated AURORA-616:
---------------------------------

    Component/s: Security

> Consider using gradle-witness to verify dependencies
> ----------------------------------------------------
>
>                 Key: AURORA-616
>                 URL: https://issues.apache.org/jira/browse/AURORA-616
>             Project: Aurora
>          Issue Type: Story
>          Components: Build, Scheduler, Security
>            Reporter: Bill Farner
>            Priority: Trivial
>              Labels: newbie
>
> gradle-witness \[1\] aims to provide insulation against MITM attacks via 
> maven dependency downloads.  From the looks of things, it would require a 
> pretty small amount of upfront work and upkeep to integrate this and prevent 
> injection of rogue code.
> \[1\] https://github.com/whispersystems/gradle-witness



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (AURORA-616) Consider using gradle-witness to verify dependencies

Reply via email to