Flip --incompatible_disallow_unverified_http_downloads to default to …

…true As discussed in #8607, downloading files over plain http without reasonable verification afterwards (e.g., checking the sha256 sum) is a security risk and therefore should be discouraged. Flip the the corresponding flag disallowing such downloads to true. The flag was available with default false already in 0.29, and migration was possible even before that, simply by adding known-good checksums. Change-Id: Ia3d46115996bf7b7c4aed56dcd15fa7317b5d4fa PiperOrigin-RevId: 261662705
bazelbuild · Aug 5, 2019 · 299655e · 299655e
1 parent 3ff4e21
commit 299655e
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/main/java/com/google/devtools/build/lib/packages/StarlarkSemanticsOptions.java b/src/main/java/com/google/devtools/build/lib/packages/StarlarkSemanticsOptions.java
@@ -455,7 +455,7 @@ public class StarlarkSemanticsOptions extends OptionsBase implements Serializabl
 
   @Option(
       name = "incompatible_disallow_unverified_http_downloads",
-      defaultValue = "false",
+      defaultValue = "true",
       documentationCategory = OptionDocumentationCategory.STARLARK_SEMANTICS,
       effectTags = {OptionEffectTag.LOADING_AND_ANALYSIS},
       metadataTags = {

diff --git a/src/main/java/com/google/devtools/build/lib/syntax/StarlarkSemantics.java b/src/main/java/com/google/devtools/build/lib/syntax/StarlarkSemantics.java
@@ -278,7 +278,7 @@ public static Builder builderWithDefaults() {
           .incompatibleDisallowOldStyleArgsAdd(true)
           .incompatibleDisallowRuleExecutionPlatformConstraintsAllowed(false)
           .incompatibleDisallowStructProviderSyntax(false)
-          .incompatibleDisallowUnverifiedHttpDownloads(false)
+          .incompatibleDisallowUnverifiedHttpDownloads(true)
           .incompatibleExpandDirectories(true)
           .incompatibleNewActionsApi(true)
           .incompatibleNoAttrLicense(true)