[FLINK-4732] remove maven junction plugin

On Windows, the plugin downloads and executes code from the author's web site. The downloaded file is not signed in the same way as Maven artifacts from Maven central which have to be signed with the developer's key. This could be a potential target for attackers. This closes apache#2586
iralls · Oct 4, 2016 · 5a573c6 · 5a573c6
1 parent eece0dd
commit 5a573c6
Showing 1 changed file with 0 additions and 29 deletions.
diff --git a/flink-dist/pom.xml b/flink-dist/pom.xml
@@ -268,35 +268,6 @@ under the License.
 				</configuration>
 			</plugin>
 
-			<!-- create a symbolic link to the build target in the root directory -->
-			<plugin>
-				<groupId>com.pyx4j</groupId>
-				<artifactId>maven-junction-plugin</artifactId>
-				<version>1.0.3</version>
-				<executions>
-					<execution>
-						<phase>package</phase>
-						<goals>
-							<goal>link</goal>
-						</goals>
-					</execution>
-					<execution>
-						<id>unlink</id>
-						<phase>pre-clean</phase>
-						<goals>
-							<goal>unlink</goal>
-						</goals>
-					</execution>
-				</executions>
-				<configuration>
-					<links>
-						<link>
-							<dst>${project.basedir}/../build-target</dst>
-							<src>${project.basedir}/target/flink-${project.version}-bin/flink-${project.version}</src>
-						</link>
-					</links>
-				</configuration>
-			</plugin>
 		</plugins>
 	</build>
 </project>