GNU bug report logs - #53765 [PATCH 00/17] Remove limitations on clojure-tools
Message #107 received at 53765 <at> debbugs.gnu.org (full text, mbox):
Maxime Devos <maximedevos <at> telenet.be> writes:
> A web page from cognitect telling ‘grab source code from Maven
> (com/cognitect/http-client)’

I am fairly certain that this code is not officially documented and
released as a library; it is only used in internal cognitect projects.
However, this is where other, officially supported cognitect libraries
pull the source from. The dependency specification[1] for cognitect-aws-api
uses:

    com.cognitect/http-client {:mvn/version "1.0.110"}

as the location to pull this dependency. Given that the dependency
resolution system uses https://repo1.maven.org/maven2/ by default (see
the file /lib/clojure/deps.edn in clojure-tools), this results in the
URL https://repo1.maven.org/maven2/com/cognitect/http-client/1.0.110.
This is one revision older than the version I use (I just grabbed the
most recent one), but if you would like me to submit a new version of
the patch using this older version instead, I have no problem with that,
and it should work just fine.

> Going over the source code to sniff things like ’Send ~/.gnupg to
> evil.com’ should be sufficient.

I have read the entire source code of the project, and can verify that
it doesn't obviously do anything like this. Not claiming that I can
guarantee that the code is bug-free, but there is nothing obviously evil
about it. The code is only ~300 lines long, and mostly wraps existing
Java APIs.
--
Reily Siegel
[1]: https://github.com/cognitect-labs/aws-api/blob/master/deps.edn
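
The coordinate-to-URL mapping described in the message above, as an added example (not part of the original message or of clojure-tools): a Python helper that turns one deps.edn Maven entry into the repository URLs a packager would fetch and review. The function name `maven_urls`, the returned keys and the `.jar.sha1` checksum URL are assumptions of this example; the path follows the standard Maven repository layout.

```python
import re

# Default repository named in the message above.
MAVEN_CENTRAL = "https://repo1.maven.org/maven2/"

# One deps.edn entry: a lib symbol followed by a coordinate map.
_ENTRY = re.compile(r'^\s*([^\s{}]+)\s*\{(.*)\}\s*$')
_MVN_VERSION = re.compile(r':mvn/version\s+"([^"]+)"')
# Characters allowed in each path component; rejects "/" and URL syntax.
_SAFE = re.compile(r'^[A-Za-z0-9][A-Za-z0-9._-]*$')


def maven_urls(entry, repo=MAVEN_CENTRAL):
    """Map one deps.edn dependency entry to the repository URLs to review."""
    m = _ENTRY.match(entry)
    if not m:
        raise ValueError("not a 'lib {coord}' entry: %r" % entry)
    lib, coord = m.groups()
    v = _MVN_VERSION.search(coord)
    if not v:
        # :git/url or :local/root coordinates never touch a Maven repository.
        raise ValueError("no :mvn/version in coordinate: %r" % entry)
    version = v.group(1)
    # An unqualified lib symbol is read as group == artifact (older style).
    group, _, artifact = lib.rpartition("/") if "/" in lib else (lib, "/", lib)
    for part in (group, artifact, version):
        # Refuse anything that could escape the expected repository path.
        if not _SAFE.match(part) or ".." in part:
            raise ValueError("unsafe component %r in %r" % (part, entry))
    # Maven layout: dots in the group id become directories.
    base = "%s/%s/%s/%s/" % (repo.rstrip("/"), group.replace(".", "/"),
                             artifact, version)
    stem = "%s-%s" % (artifact, version)
    return {
        "dir": base,
        "pom": base + stem + ".pom",
        "jar": base + stem + ".jar",
        "jar_sha1": base + stem + ".jar.sha1",
    }


if __name__ == "__main__":
    # The entry quoted in the message above.
    for name, url in maven_urls(
            'com.cognitect/http-client {:mvn/version "1.0.110"}').items():
        print(name, url)
```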
This bug report was last modified 3 years and 57 days ago.