Yes, for sure it won't be backported until its gone through the build pipeline
and is green. Do you think I should withdraw this proposal until that process
completes?
On 5/22/20, 2:27 PM, "Owen Nichols" <onich...@pivotal.io> wrote:
In general, proposals to backport are more likely to get votes when the fix
is already on develop and has been through some testing, especially as
support/1.13 is (hopefully) getting close to RC1. We’ve already seen several
reverts on the support branch due to hasty backporting...
I’d love to see this fix make it into 1.13 and will be happy to add my
endorsement first thing next week assuming it gets into develop before the
weekend.
> On May 22, 2020, at 1:39 PM, Bruce Schuchardt <bschucha...@gmail.com>
wrote:
>
> Sorry about the weird link - this is PR 5131
>
>
>
>
> On 5/22/20, 1:33 PM, "Bruce Schuchardt" <bschucha...@gmail.com> wrote:
>
> I’ve been asked to propose backporting these changes to the 1.13
branch. This is a security issue – endpoint verification in servers is
currently broken. That is, if you enable it you’re unable to start up a
cluster.
>
>
>
> Endpoint verification requires the server-side of a tcp/ip connection
to present a certificate that identifies the server by hostname. The client
then checks that hostname against what it expects as part of the TLS (“SSL”)
handshake.
>
>
>
>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fgeode%2Fpull%2F5131&data=02%7C01%7Cbruces%40vmware.com%7C2af7dd5e1f6f4d31fd5708d7fe96de67%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637257796239130863&sdata=G2PgcFaI8p%2F9tN1MXKRt%2FSBPdDBZRkJV2Faj7ygDFSY%3D&reserved=0
>
>
>
>
>
>
