Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/17974 )
Change subject: [encryption] KUDU-3331 Encrypt file system
......................................................................

Patch Set 4:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/17974/3//COMMIT_MSG
Commit Message:

http://gerrit.cloudera.org:8080/#/c/17974/3//COMMIT_MSG@19
PS3, Line 19: The default is
            : now true
> From 'grep -r "FileOptions" . --exclude="*test*" --exclude="*env_posix*"',

It seems the question about changing the default for the 'is_encrypred' is now resolved since the semantics for that field is clarified and now it's named 'is_sensitive'.

However, I think it's worth clarifying on the items that Andrew pointed at. Do you think it's possible to add some sort of test scenario (or maybe even DCHECK()) to make sure the files created at a single fresh run of kudu-tserver/kudu-master are properly encrypted once kudu-tserver/kudu-master is restarted?

http://gerrit.cloudera.org:8080/#/c/17974/3//COMMIT_MSG@32
PS3, Line 32: and tablet metadata files.
> I don't think we should treat our redaction policy as the gold standard for

+1

I guess everything related to the user's data (and that includes metadata) should be considered sensitive. As far as I can see, we do redact partitioning-related information at least in the logs (such as begin/end for range keys).

http://gerrit.cloudera.org:8080/#/c/17974/4/src/kudu/util/env.h
File src/kudu/util/env.h:

http://gerrit.cloudera.org:8080/#/c/17974/4/src/kudu/util/env.h@421
PS4, Line 421: is_sensitive
Ah, that's now much clearer!

--
To view, visit http://gerrit.cloudera.org:8080/17974
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I909d0c4af0c1fca0d14c99a6627842dbe2ed7524
Gerrit-Change-Number: 17974
Gerrit-PatchSet: 4
Gerrit-Owner: Attila Bukor <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Bankim Bhavsar <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Wed, 03 Nov 2021 00:02:07 +0000
Gerrit-HasComments: Yes
