Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 576428

Summary:	Emit warning (in log) when p2 is contacting a repo with unsafe (eg http) protocol
Product:	[Eclipse Project] Equinox	Reporter:	Mickael Istria <mistria>
Component:	p2	Assignee:	Mickael Istria <mistria>
Status:	RESOLVED FIXED	QA Contact:
Severity:	enhancement
Priority:	P3	CC:	akurtakov
Version:	unspecified
Target Milestone:	4.22 M2
Hardware:	All
OS:	All
See Also:	https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/186159 https://git.eclipse.org/c/equinox/rt.equinox.p2.git/commit/?id=6dde74440392ceaedef52216f3c4483b607699bf
Whiteboard:
Bug Depends on:
Bug Blocks:	575688

Description Mickael Istria

2021-10-04 11:52:16 EDT

To make a step towards resolution of bug 575688 / CVE-2021-41033, we should start by having p2 logging a warning when an "unsafe" (eg http://...) repository is used.

Comment 1 Eclipse Genie

2021-10-05 11:36:46 EDT

New Gerrit change created: https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/186159

Comment 2 Eclipse Genie

2021-10-06 08:29:29 EDT

Gerrit change https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/186159 was merged to [master].
Commit: http://git.eclipse.org/c/equinox/rt.equinox.p2.git/commit/?id=6dde74440392ceaedef52216f3c4483b607699bf

Comment 3 Alexander Kurtakov

2021-10-07 02:27:52 EDT

Mickael, please add N&N entry.