  1. MariaDB ColumnStore
  2. MCOL-5880

23.10.3 adds a random file from the internet as a new dependency


Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • None
    • 23.10.3
    • Build
    • None

    Description

      23.10.3 adds a dependency on CLI11.

      Problems:

      • This is a new dependency
      • it's not needed, there are tons of options already (getopt, my_getopt, boost, whatever)
      • it's done by downloading a random file from the internet without as much as verifying a hash
      • it's done by downloading a random file from the internet during the build, so won't build without internet
      • SBOM cannot account for it, because the file content isn't validated
      • the license says "Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution", but it is not done.

      The easiest way to fix it is to include the file into the source repo and add the license to the binary distribution.

      A proper way to fix it would be to use boost instead.
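
The hash-verification and SBOM points above can be enforced with a pinned-digest check at build time. The following is an added example, not code from the ticket or from the ColumnStore build; the file name, component name, version and the `verify_pinned`, `sbom_component` and `demo` helpers are hypothetical, and the sample file is constructed so the check runs offline.

```python
import hashlib
import tempfile
from pathlib import Path


class PinMismatch(Exception):
    """The file's digest does not match the value pinned in the repository."""


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_pinned(path: Path, pinned_sha256: str) -> str:
    """Return the digest if it matches the pin; raise so the build stops otherwise."""
    actual = sha256_file(path)
    if actual != pinned_sha256.lower():
        raise PinMismatch(f"{path.name}: expected {pinned_sha256}, got {actual}")
    return actual


def sbom_component(name: str, version: str, path: Path, pinned_sha256: str) -> dict:
    """Minimal CycloneDX-style component entry, produced only for verified content."""
    digest = verify_pinned(path, pinned_sha256)
    return {"type": "library", "name": name, "version": version,
            "hashes": [{"alg": "SHA-256", "content": digest}]}


def demo() -> tuple[dict, bool]:
    with tempfile.TemporaryDirectory() as d:
        header = Path(d) / "third_party_header.hpp"  # constructed stand-in file
        header.write_bytes(b"// constructed sample header\n#pragma once\n")
        pin = sha256_file(header)  # in a real build: a literal committed to the repo
        component = sbom_component("example-header", "0.0.0", header, pin)
        # Simulate the fetched content changing after the pin was recorded.
        header.write_bytes(b"// content changed upstream\n#pragma once\n")
        try:
            verify_pinned(header, pin)
            rejected = False
        except PinMismatch:
            rejected = True
        return component, rejected


if __name__ == "__main__":
    print(demo())
```

The same check applies unchanged to a file vendored into the source tree, which also removes the need for network access during the build.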


          People

            drrtuy Roman
            serg Sergei Golubchik
