[ 
https://issues.apache.org/jira/browse/DRILL-7270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16895032#comment-16895032
 ] 

Dmytriy Grinchenko commented on DRILL-7270:
-------------------------------------------

Most changes have been done and tested in the attached branch "[DRILL-7270 
Working branch|https://github.com/dgrinchenko/drill/commits/DRILL-7270]". 
However, several repositories failed to provide a proper HTTPS certificate, 
which causes artifact download issues. After introducing jitpack, only one repo 
is left, and I'm working to verify whether we still need to use this repo.

Meanwhile, a request to fix the HTTPS certificate has been posted to the 
repository owner.

> Fix non-https dependency urls and add checksum checks
> -----------------------------------------------------
>
>                 Key: DRILL-7270
>                 URL: https://issues.apache.org/jira/browse/DRILL-7270
>             Project: Apache Drill
>          Issue Type: Task
>          Components: Security
>    Affects Versions: 1.16.0
>            Reporter: Arina Ielchiieva
>            Assignee: Dmytriy Grinchenko
>            Priority: Major
>             Fix For: 1.17.0
>
>
> Review any build scripts and configurations for insecure urls and make 
> appropriate fixes to use secure urls.
> Projects like Lucene do checksum whitelists of all their build dependencies, 
> and you may wish to consider that as a
> protection against threats beyond just MITM.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
