steveloughran commented on issue #15417: URL: https://github.com/apache/iceberg/issues/15417#issuecomment-3950949435
Having drafted a PR I realise that some headers *must* be promoted to unsigned, specifically the if-match, if-none-match and version, as these may change for head/get requests on the same object. Encryption settings could also vary per fs instance, for any client actually setting them. Currently S3FileIO in iceberg-aws assumes all settings, including endpoint and auth are the same for every instance. If they aren't, whichever instance signs a request first grants access with that same signature to the same object to all other instance. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
