[
https://issues.apache.org/jira/browse/SOLR-14158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17008755#comment-17008755
]
Jan Høydahl commented on SOLR-14158:
------------------------------------
This should go in 8.5 and not be a blocker. It has ALWAYS been the case that a
production Solr cluster needs a secure Zookeeper one way or another. Nothing
has changed here.
> package manager to read keys from packagestore and not ZK
> ----------------------------------------------------------
>
> Key: SOLR-14158
> URL: https://issues.apache.org/jira/browse/SOLR-14158
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: packages
> Affects Versions: 8.4
> Reporter: Noble Paul
> Assignee: Noble Paul
> Priority: Blocker
> Labels: packagemanager
> Fix For: 8.4.1
>
>
> The security of the package system relies on securing ZK. It's much easier
> for users to secure the file system than securing ZK.
> We provide an option to read public keys from file store.
> This will
> * Have a special directory called {{_trusted_}} . Direct writes are forbidden
> to that directory over http
> * The CLI directly writes to the keys to
> {{<SOLR_HOME>/filestore/_trusted_/keys/}} directory. Other nodes are asked to
> fetch the public key files from that node
> * Package artifacts will continue to be uploaded over http
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
