non-free file; privacy breach #379
Comments
|
That comment refers to the javascript file included on the next line. This is a standard practice for properly attributing included JS files that may or may not include an in-line attribution. |
|
Scope of the comment is very ambiguous. It is not clear at all where it applies (to included file above the comment or below it or to the whole |
|
Hi @onlyjob like @jeskew mentioned the comment refers to the content under the comment which is a standard practice attributing third party content. The linked third party script is not included with the SDK, and is a runtime dependency of the generated API documentation available at http://docs.aws.amazon.com/sdk-for-go/api/ Please contact us directly, and reference this github issue, at aws-security@amazon.com with any additional information about your concerns of privacy breach and unsafeness of the third party library. |
|
Thanks, @jasdel. As for https://media.amazonwebservices.com/js/sitecatalyst/s_code.min.js, it is minified obfuscated code which is very hard to review and nearly impossible to modify. There are general concerns about safety of such code because of difficulties to review it. Lately it was demonstrated how minification itself can be exploited to produce an attack vector. Finally minification is generally unnecessary and even harmful -- here you can read some arguments against minification: https://wiki.debian.org/onlyjob/no-minification. Finally from open source software prospective it is a bad practice to rely upon or use proprietary components even if they are not a part of SDK. |
|
Hi @onlyjob, thanks for the feedback. I'm going to close this issue since the third party library is attributed, and not used within the SDK. But only within the SDK's API documentation which is also external to the SDK. |
|
But it is part of the SDK as the file in question ships with SDK. |
|
@onlyjob, I'm not sure I understand the issue that would prevent including the SDK in a Debian package. The third party js file is not included within the SDK's repository. It is only referenced in a html template file, which is not used by the SDK it self and only used as a template to generate API documentation. |
Adds missing sdk error checking when seeking readers. Also adds support for nonseekable io.Reader and support for streamed payloads for unsigned body request. Fixes aws#371
Services --- * Synced the V2 SDK with latest AWS service API definitions. SDK Enhancements --- * `aws/endpoints`: Expose DNSSuffix for partitions ([aws#369](aws/aws-sdk-go-v2#369)) * Exposes the underlying partition metadata's DNSSuffix value via the `DNSSuffix` method on the endpoint's `Partition` type. This allows access to the partition's DNS suffix, e.g. "amazon.com". * Fixes [aws#347](aws/aws-sdk-go-v2#347) * `private/protocol`: Add support for parsing fractional timestamp ([aws#367](aws/aws-sdk-go-v2#367)) * Fixes the SDK's ability to parse fractional unix timestamp values and adds tests. * Fixes [aws#365](aws/aws-sdk-go-v2#365) * `aws/ec2metadata`: Add marketplaceProductCodes to EC2 Instance Identity Document ([aws#374](aws/aws-sdk-go-v2#374)) * Adds `MarketplaceProductCodes` to the EC2 Instance Metadata's Identity Document. The ec2metadata client will now retrieve these values if they are available. * Related to: [aws#2781](aws#2781) * `aws`: Adds configurations to the default retryer ([aws#375](aws/aws-sdk-go-v2#375)) * Provides more customization options for retryer by adding a constructor for default Retryer which accepts functional options. Adds NoOpRetryer to support no retry behavior. Exposes members of default retryer. * Updates the underlying logic used by the default retryer to calculate jittered delay for retry. Handles int overflow for retry delay. * Fixes [aws#370](aws/aws-sdk-go-v2#370) * `aws` : Refactors request retry behavior path logic ([aws#384](aws/aws-sdk-go-v2#384)) * Retry utilities now follow a consistent code path. aws.IsErrorRetryable is the primary entry point to determine if a request is retryable. * Corrects sdk's behavior by not retrying errors with status code 501. Adds support for retrying the Kinesis API error, LimitExceededException. * Fixes [aws#372](aws/aws-sdk-go-v2#372), [aws#145](aws/aws-sdk-go-v2#145) SDK Bugs --- * `aws`: Fixes bug in calculating throttled retry delay ([aws#373](aws/aws-sdk-go-v2#373)) * The `Retry-After` duration specified in the request is now added to the Retry delay for throttled exception. Adds test for retry delays for throttled exceptions. Fixes bug where the throttled retry's math was off. * Fixes [aws#45](aws/aws-sdk-go-v2#45) * `aws` : Adds missing sdk error checking when seeking readers ([aws#379](aws/aws-sdk-go-v2#379)) * Adds support for nonseekable io.Reader. Adds support for streamed payloads for unsigned body request. * Fixes [aws#371](aws/aws-sdk-go-v2#371) * `service/s3` : Fixes unexpected EOF error by s3manager ([aws#386](aws/aws-sdk-go-v2#386)) * Fixes bug which threw unexpected EOF error when s3 upload is performed for a file of maximum allowed size * Fixes [aws#316](aws/aws-sdk-go-v2#316) * `private/model` : Fixes generated API Reference docs links being invalid ([387](aws/aws-sdk-go-v2#387)) * Fixes [aws#327](aws/aws-sdk-go-v2#327)
File doc-src/plugin/templates/default/layout/html/footer.erb contains
Copyright 1996-2012 Adobe, Inc. All Rights Reserved.without grant of license hence it appears to be proprietary.Please remove this file or clarify its license with copyright holder.
Also there are "privacy breach" concerns due to references to (unsafe) 3rd party resources.
Thanks.
The text was updated successfully, but these errors were encountered: