RussellSpitzer commented on code in PR #7770:
URL: https://github.com/apache/iceberg/pull/7770#discussion_r1543263029
##########
core/src/main/java/org/apache/iceberg/SnapshotParser.java:
##########
@@ -93,6 +95,16 @@ static void toJson(Snapshot snapshot, JsonGenerator
generator) throws IOExceptio
generator.writeNumberField(SCHEMA_ID, snapshot.schemaId());
}
+ if (snapshot.manifestListKeyMetadata() != null) {
+ generator.writeStringField(MANIFEST_LIST_KEY_METADATA,
snapshot.manifestListKeyMetadata());
+ }
+
+ // TODO discuss: do we need to sign the size value? Or sign the whole
snapshot?
Review Comment:
How would this attack work? Wouldn't the user also need the key to encrypt
the replacement files? I thought we were storing the metadata.json key in the
catalog so an attacker could replace everything but still not be able to trick
a client using the catalog.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org
