milleruntime commented on PR #2777: URL: https://github.com/apache/accumulo/pull/2777#issuecomment-1155498652
> > The question would be, if keeping the class serializable exposes a possible security flaw... is it worth breaking any serialization that a user may be using? > > Is there a security flaw? I don't know. > I believe the solution for #2776 in regards to this class is to mark these fields as `transient` That may be a better fix. But I think this would still break the serialization if a user extended Authorizations. I am going to write a test to experiment. My point being, if we are going to break the serialization to fix the warning, lets just get rid of it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
