[
https://issues.apache.org/jira/browse/MNG-8471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17916093#comment-17916093
]
Tamas Cservenak commented on MNG-8471:
--------------------------------------
It's much more subtle than that IMHO. And MITM is not alleviated at all by
HTTPS, you trust it only as cert of site is trusted (so browser shows you a
padlock next to URL). But how many you really check/verify the cert of remote
site?
Would you figure "there is a problem" if your laptop would be redirected via
HTTPS proxy that "repackages" SSL traffic with a cert that was sneaked into
your /etc/ssl/certs, so "padlock" is still there? Moreover, there are companies
actually doing this, shipping dev laptops with their own certs and proxies, and
forcing all HTTP/HTTPS traffic via their own gateways using their own certs...
but this is really off topic for this issue.
Agreed, but I meant "FOSS" as opposite to "commercial software", and not "free
software" (as a beer).
> library load disallowed by system policy on Mac
> ------------------------------------------------
>
> Key: MNG-8471
> URL: https://issues.apache.org/jira/browse/MNG-8471
> Project: Maven
> Issue Type: Bug
> Affects Versions: 4.0.0-rc-2
> Reporter: Elliotte Rusty Harold
> Priority: Blocker
> Attachments: Screenshot 2024-12-25 at 6.10.01 PM.png
>
>
> On a Mac with Sequoia 15.1.1 running the binary 4.0-RC2 release to "mvn clean
> verify" the maven-compiler-plugin
> {code}
> WARNING: Failed to load native library:libjlinenative.jnilib. osinfo:
> Mac/arm64 (caused by: java.lang.UnsatisfiedLinkError:
> /opt/java/apache-maven-4.0.0-rc-2/lib/jline-native/Mac/arm64/libjlinenative.jnilib:
>
> dlopen(/opt/java/apache-maven-4.0.0-rc-2/lib/jline-native/Mac/arm64/libjlinenative.jnilib,
> 0x0001): tried:
> '/opt/java/apache-maven-4.0.0-rc-2/lib/jline-native/Mac/arm64/libjlinenative.jnilib'
> (code signature in <E83722FF-713D-3654-A603-EEBC715887FE>
> '/opt/java/apache-maven-4.0.0-rc-2/lib/jline-native/Mac/arm64/libjlinenative.jnilib'
> not valid for use in process: library load disallowed by system policy),
> '/System/Volumes/Preboot/Cryptexes/OS/opt/java/apache-maven-4.0.0-rc-2/lib/jline-native/Mac/arm64/libjlinenative.jnilib'
> (no such file),
> '/opt/java/apache-maven-4.0.0-rc-2/lib/jline-native/Mac/arm64/libjlinenative.jnilib'
> (code signature in <E83722FF-713D-3654-A603-EEBC715887FE>
> '/opt/java/apache-maven-4.0.0-rc-2/lib/jline-native/Mac/arm64/libjlinenative.jnilib'
> not valid for use in process: library load disallowed by system policy),
> enable debug logging for stacktrace)
> {code}
> The build still seems to complete normally.
> openjdk version "17.0.12" 2024-07-16
> OpenJDK Runtime Environment Homebrew (build 17.0.12+0)
> OpenJDK 64-Bit Server VM Homebrew (build 17.0.12+0, mixed mode, sharing)
> Further, this isn't just a warning on the console. The mac actually pops up
> two alert dialogs to warn about this problem that user must click away during
> the build.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
