rusackas commented on PR #40673: URL: https://github.com/apache/superset/pull/40673#issuecomment-4699408245
@sha174n Good catch on the stale revision id, synced the description to the actual file (`78a40c08b4be`). The TOCTOU point is the interesting one. You're right that verifying on a probe and then tunneling on a fresh connection leaves the DNS-reresolution and selective-interception gaps open. Reading the forwarder's own transport key after `open_tunnel` and tearing down on mismatch sounds like the right move... let me dig into whether `sshtunnel` exposes that transport cleanly before I rework it. Will circle back. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
