Joe McDonnell has posted comments on this change. ( http://gerrit.cloudera.org:8080/15829 )
Change subject: IMPALA-9648: Exclude/ban netty-all from mvn download ...................................................................... Patch Set 4: (3 comments) http://gerrit.cloudera.org:8080/#/c/15829/4/fe/pom.xml File fe/pom.xml: http://gerrit.cloudera.org:8080/#/c/15829/4/fe/pom.xml@104 PS4, Line 104: <dependency> : <groupId>org.apache.hadoop</groupId> : <artifactId>hadoop-annotations</artifactId> : <version>${hadoop.version}</version> : <exclusions> : <exclusion> : <!-- IMPALA-9468: Avoid pulling in netty for security reasons --> : <groupId>io.netty</groupId> : <artifactId>*</artifactId> : </exclusion> : </exclusions> : </dependency> Maybe this is leftover from something else, but we don't want to add any dependencies. http://gerrit.cloudera.org:8080/#/c/15829/4/fe/pom.xml@783 PS4, Line 783: netty-all Something that I forgot to do in my version is we should just exclude everything from io.netty, not just io.netty.netty-all. We are already excluding all the artifacts, so the stricter ban is already fulfilled. http://gerrit.cloudera.org:8080/#/c/15829/4/fe/pom.xml@1421 PS4, Line 1421: Nit: remove this stray line. -- To view, visit http://gerrit.cloudera.org:8080/15829 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ie7d61af3c10ee439ca9eef3840403229e6235c97 Gerrit-Change-Number: 15829 Gerrit-PatchSet: 4 Gerrit-Owner: David Knupp <[email protected]> Gerrit-Reviewer: David Knupp <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Joe McDonnell <[email protected]> Gerrit-Comment-Date: Sat, 02 May 2020 00:17:09 +0000 Gerrit-HasComments: Yes
