Hi PMCs & Everyone,
There are a number of significant, complex and overlapping efforts
underway to improve the Hadoop security model. Many involved are
struggling to form this into a cohesive whole across the numerous Jiras
and within the traffic of common-dev. There has been a suggestion made
that having two additional pieces of infrastructure might help.
1) Establish a security-dev mailing list similar to hdfs-dev, yarn-dev,
mapreduce-dev, etc. that would help us have more focused interaction on
non-vulnerability security topics. I understand that this might
"devalue" common-dev somewhat but the benefits might outweigh that.
2) Establish a corner of the wiki where cross-cutting security design
could be worked out more collaboratively than a doc rev upload
mechanism. I fear if we don't have this we will end up collaborating
outside Apache infrastructure which seems inappropriate. I understand
the risk of losing context in the individual Jiras but again my sense is
that the cohesiveness provided will outweigh the risk.
I'm open to and interested in other suggestions for how others have
solved these types of cross-cutting collaboration challenges.
Thanks.
Kevin.
- Fostering a Hadoop security dev community Kevin Minder