[
https://issues.apache.org/jira/browse/SOLR-14158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17012773#comment-17012773
]
ASF subversion and git services commented on SOLR-14158:
--------------------------------------------------------
Commit 6fb085943c6e9c6f82db67c6ccfe641e64e1899e in lucene-solr's branch
refs/heads/gradle-master from Ishan Chattopadhyaya
[ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=6fb0859 ]
SOLR-14158: Package manager to read keys from package store, not ZK
> package manager to read keys from packagestore and not ZK
> ----------------------------------------------------------
>
> Key: SOLR-14158
> URL: https://issues.apache.org/jira/browse/SOLR-14158
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: packages
> Affects Versions: 8.4
> Reporter: Noble Paul
> Assignee: Noble Paul
> Priority: Blocker
> Labels: packagemanager
> Fix For: 8.4.1
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> The security of the package system relies on securing ZK. It's much easier
> for users to secure the file system than securing ZK.
> We provide an option to read public keys from file store.
> This will
> * Have a special directory called {{_trusted_}} . Direct writes are forbidden
> to that directory over http
> * The CLI directly writes to the keys to
> {{<SOLR_HOME>/filestore/_trusted_/keys/}} directory. Other nodes are asked to
> fetch the public key files from that node
> * Package artifacts will continue to be uploaded over http
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
