Re: Proposal of an encryption module in solr-sandbox

I'm sorry to have moved the discussion into the package manager tangent. Let's focus on the encryption module that was originally proposed in this thread, and discuss the package manager separately. On Sun, 19 Mar, 2023, 1:19 am Gus Heck, wrote: > Downloading executable code is not evil in every

Re: [DISCUSS] Solr 9.2 Release

Remember to merge https://github.com/apache/solr/pull/1436 I can do it if you wish but it ties in with other changes syncing I guess. Jan Høydahl > 18. mar. 2023 kl. 18:39 skrev Shawn Heisey : > > On 3/15/23 08:58, Houston Putman wrote: >> - SOLR-9168

Re: Proposal of an encryption module in solr-sandbox

Downloading executable code is not evil in every scenario. IMHO, What we should be avoiding is A) allowing this by default, and B) The first, most simple way of enabling it should involve designating specific locations that the *user* configuring solr trusts and require establishment of trust (via

Re: [DISCUSS] Solr 9.2 Release

On 3/15/23 08:58, Houston Putman wrote: - SOLR-9168 : It looks like this has a patch, that was +1'ed by Kevin, but it hasn't had movement since October. - SOLR-8803 (assigned to Shawn): This has

Re: Proposal of an encryption module in solr-sandbox

On 3/15/23 13:52, Jan Høydahl wrote: There's a catch-22 here. Enterprises that require encryption at rest likely won't tolerate enabling a package manager that lets you download executable code from the internet during runtime, especially when that package manager is both home-grown, and largel