Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 576428

Summary: Emit warning (in log) when p2 is contacting a repo with unsafe (eg http) protocol
Product: [Eclipse Project] Equinox Reporter: Mickael Istria <mistria>
Component: p2Assignee: Mickael Istria <mistria>
Status: RESOLVED FIXED QA Contact:
Severity: enhancement    
Priority: P3 CC: akurtakov
Version: unspecified   
Target Milestone: 4.22 M2   
Hardware: All   
OS: All   
See Also: https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/186159
https://git.eclipse.org/c/equinox/rt.equinox.p2.git/commit/?id=6dde74440392ceaedef52216f3c4483b607699bf
Whiteboard:
Bug Depends on:    
Bug Blocks: 575688    

Description Mickael Istria CLA 2021-10-04 11:52:16 EDT
To make a step towards resolution of bug 575688 / CVE-2021-41033, we should start by having p2 logging a warning when an "unsafe" (eg http://...) repository is used.
Comment 1 Eclipse Genie CLA 2021-10-05 11:36:46 EDT
New Gerrit change created: https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/186159
Comment 3 Alexander Kurtakov CLA 2021-10-07 02:27:52 EDT
Mickael, please add N&N entry.