Github user kanzhang commented on the pull request:
https://github.com/apache/spark/pull/6676#issuecomment-110566978
> I think you're misunderstanding me. I'm arguing that using the env
variable to propagate the secret is as secure as using stdin. It's not about
per-app keys or anything else you're talking about.
I get your point. From the point of view of preventing non-Spark users from
getting the secret, both stdin and env variable will do. But for me, this patch
is just a stepping stone toward supporting per-app secrets in standalone mode,
without going full-blown on running user apps in their own accounts. For that,
env variable will not work. If, however, this goal is unrealistic, I'll have to
scale back and take your suggestion. Thanks for the discussion anyway.
Any comments from others on using stdin to pass secrets to child processes?
@rxin @pwendell @andrewor14 ?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
