On Sat, 12 Mar 2016 22:51:35 -0800 Andrew Purtell <[email protected]> wrote:
> I recall having one conversation with him when he worked at > Hortonworks (maybe still does? - I don't know) about adding a RPM > build target to HBase, which didn't make much sense for us in my > present opinion, and I believe we politely declined at the time. I > presumed he was involved with distribution packaging there. > > > > On Mar 12, 2016, at 9:31 PM, Konstantin Boudnik <[email protected]> > > wrote: > > > > Who's that fella anyway? I have a vague recollection that he was at > > Y!, walking around and whining about everything? Or was it a > > different Eric? I am getting old and want to forget all the > > unpleasant episodes in my life. > > > > Anyway, his logic is flawed and lead us to the extreme where we > > just have to stop using any software out there, because there might > > be some vulnerability. While we need to strive to make our product > > better and safer for users, there are also realities and things we > > do not control. > > > > There's quite positive part in this whole discussion: I really like > > that the other people in the ecosystem look at us as the de-facto > > focal point of the stack integration. I think the mission is > > accomplished! But let's not rest here just yet ;) > > > > Cos > > > >> On Sat, Mar 12, 2016 at 08:30PM, Roman Shaposhnik wrote: > >> Hi! > >> > >> our good friend Eric Yang has been at it again: spreading > >> FUD about Bigtop: https://s.apache.org/KglM > >> > >> Nothing new, aside from this quote: > >> ==================================================== > >> Bigtop contains /lib/lsb/init-functions which will import > >> redhat-lsb-core which imports exim. Exim is known for common root > >> escalation vulnerability. If you value your cluster security, I > >> would recommend to think twice before using BigTop. > >> ==================================================== > >> > >> Could someone who's dealt with security for real (Olaf -- your > >> name came to mind immediately) please comment on that > >> JIRA thread? > >> > >> Typically I wouldn't feed Eric 'the troll' Yang, but I think having > >> this type of allegation in a public record could be pretty bad for > >> us. > >> > >> Thanks, > >> Roman. Hi all, As I am catching up on the backlog of mail, I found this: http://chukwa.apache.org/team-list.html Seems Mr Yang is at IBM. Cheers, Peter
