Y!'s developed extensive security features based on the 0.20 branch. The
0.20 versions of the individual patches appear in Jira, but these have
not been committed to any branch in Apache's SVN. Y! has periodically
pushed out versions of these as Yahoo!'s Distribution of Hadoop at
github, and Cloudera is likely to make a 0.20-based distribution
including these as well.
Shouldn't we commit these all to some 0.20-based branch at Apache? I'd
earlier (on common-dev) suggested we might start a 1.0 branch based on
0.20, then add a 1.1 branch with the security patches. If that were
done, the 0.21 release could perhaps instead be called 1.2. But,
regardless of the naming, it would be good to have the 0.20 versions of
all of the security patches committed to a branch at Apache so that we
can make a release that includes them, patches can be targeted against
this branch, etc.
What do others think?
Doug
