cnauroth commented on PR #26102: URL: https://github.com/apache/flink/pull/26102#issuecomment-3216047004
@rmetzger , sorry for not giving a status update sooner, but I had started a similar conversation in Hadoop on 7/23: https://lists.apache.org/thread/gy30bn6dm4qc3qwfdzdh2318m38yyvyn I then filed [INFRA-27071](https://issues.apache.org/jira/browse/INFRA-27071) to request a GCS bucket and credentials. The latest status in that bug is that infra has no presence on GCP and doesn't plan to use it, so it appears this is a non-starter at the moment. I agree that this PR is still useful in its current state, especially if people have the option to run manually before upgrades like FLINK-37328. Can we resume review and eventual merge? > Fully agree with you that this is a pretty risky approach, as it requires PRs to be carefully reviewed to not steal the credentials when merged. BTW as a side note, if we had gone ahead with this, then I would have advocated for setting it up as something committer-triggered (e.g. with a comment on the PR) only after careful review. Ideally the automation would also exchange service account credentials for a short-lived token with a tight downscoped access boundary, so even if something sneaks past us, at least it's not a powerful long-term credential. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
