Generally I agree. Compromising security is not an option - ever.
> On 7. Dec 2024, at 00:16, Michael Collado <collado.m...@gmail.com> wrote:
>
> Hey folks
>
> Someone pinged about https://github.com/apache/polaris/pull/389 yesterday
> and I thought it was worth bringing up for discussion.
>
> On-prem s3 compat sounds like a super useful feature and I'm fully on board
> with supporting it, but I think we need to make a decision about whether we
> support vending long-lived storage credentials in the REST endpoint. I
> think we generally favor compatibility and extensibility, but I am of the
> opinion that we should disallow obvious security risks, such as vending
> long-lived credentials. The blast radius of accidentally vending
> short-lived tokens is fairly contained, whereas the consequences of vending
> long-lived credentials can be unbounded.
>
> I think this is one of those areas where the project/community should be
> opinionated and say we should not sacrifice security for the sake of
> compatibility with specific environments. If some environments promote less
> secure credential handling by disallowing session token generation, then we
> should simply not support those environments.
>
> What are your thoughts on that issue? Is that a suitable design tenet we
> can add to our project documentation? Or am I just being stubborn?
>
> Mike