Github user kanzhang commented on the pull request:
https://github.com/apache/spark/pull/6676#issuecomment-110534655
> The point is not that they will automatically do it, the point is that
> they can.
I guess it's all about how easy it is to do so. Can you show me a trivial
example, just so I can convince myself anything in this direction is not worth
trying?
> It does because the session key is encrypted using the cert's private key.
Ok, we are each partially correct on this one. Forward/backward secrecy is
only supported by certain key-agreement ciphers (Diffie-Hellman).
> We've had issues in the past with pyspark and Scala code that messed with
> stdin.
I must have missed that. Can you post a pointer?
> Since there's a trivial option that doesn't involve using stdin and does
> not have any drawback security-wise, I don't understand what's your reluctance
> in using it.
Well, maybe I set my expectations too high. :) It does have a drawback in the
sense that it is not a solution for improving multi-tenancy. I'm willing to be
convinced multi-tenancy improvements without running user apps in their own
accounts are not worth trying.