
Security: steveloughran/cloudstore

SECURITY.md

Security Policy

Supported Versions

None. You are on your own. Sorry.

(This isn't quite true, so do ask: bugs will be fixed on a best-effort basis.)

Reporting a Vulnerability

  • File an issue.
  • If you have a fix, file a PR.
  • If the issue is in Hadoop, file an Apache JIRA.
  • If the issue is in a transitive dependency of Hadoop, see Transitive Issues, then solve the entire software-versioning problem in Java. Please.

This library is actually written by Hadoop committers at Cloudera; if you are using Apache Hadoop, you are already running our code.

The builds take place on our local machines, reading in all dependencies from our private Maven artifact server, the same one used for all Cloudera releases.

The Maven binaries used are pulled directly from Apache, with their GPG signatures checked before installation.

This means the risk of supply chain attack or deliberate malicious code is pretty low.

There aren’t any published security advisories