dlmarion commented on issue #3086: URL: https://github.com/apache/accumulo/issues/3086#issuecomment-1321973561
I feel like the simple answer here is to just remove the Thrift profile and run Thrift during the compile phase. It only takes a couple of seconds and is dwarfed by the time it takes to run tests. Removing the contents of the directory that contain the Thrift generated code and regenerating the code should alleviate the concern about unreviewed malicious code being introduced into that directory. Using the `.gitattributes` feature I found will hide the thrift generated java files during the PR, and I think we can safely ignore them during a review. It may be the case that not everyone has Thrift installed, and I agree that it's not the easiest thing to install. I'm thinking that for this issue we create a Docker build environment that can be used locally and by the automated build systems. The Docker image would have Java, Thrift, Maven, etc installed and would build the code that is checked out on the local filesystem (see [this](https://hub.docker.com/_/maven) for an idea of what I'm thinking). This would not preclude someone from building Accumulo in the way that they want. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
