[bug#53765] [PATCH 12/17] gnu: Add clojure-com-cognitect-http-client.

[Reily Siegel]

Maxime Devos <maximedevos@telenet.be> writes:

> A web page from cognitect telling ‘grab source code from Maven
> (com/cognitect/http-client)’
I am fairly certain that this code is not officially documented and
released as a library, it is only used in internal cognitect projects.
However, this is where other, officially supported cognitect libraries
pull the source from. The dependency specification[1] for cognitect-aws-api
uses:

com.cognitect/http-client {:mvn/version "1.0.110"}

As the location to pull this dependency. Given that the dependency
resolution system uses https://repo1.maven.org/maven2/ by default (see
the file /lib/clojure/deps.edn in clojure-tools), this results in the
URL https://repo1.maven.org/maven2/com/cognitect/http-client/1.0.110.
This is one revision older than the version I use (I just grabbed the
most recent one), but if you would like me to submit a new version of
the patch using this older version instead, I have no problem with that,
and it should work just fine.

> Going over the source code to sniff things like ’Send ~/.gnupg to
> evil.com’ should be sufficient.
I have read the entire source code of the project, and can verify that
it doesn't obviously do anything like this. Not claiming that I can
guarantee that the code is bug-free, but there is nothing obviously evil
about it. The code is only ~300 lines long, and mostly wraps existing
Java APIs.

-- 
Reily Siegel

[1]: https://github.com/cognitect-labs/aws-api/blob/master/deps.edn