Client password hashing

Hi all, I would like to propose to add support for client password hashing (https://issues.apache.org/jira/browse/CASSANDRA-17334). If anybody has any concerns or question with this functionality I will be happy to discuss them. Thx in advance.

Re: Welcome Anthony Grasso, Erick Ramirez and Lorina Poland as Cassandra committers

Congrats, nice one! On 15/2/22 20:50, Mick Semb Wever wrote: Thanks a lot, Anthony, Erick and Lorina for all the work you have done on the website and documentation. Congrats !! There has been a huge amount of work on the docs rewrite, the new docs build system, and all the

Re: [DISCUSS] Hotfix release procedure

Any committer can submit a devbranch build... Kind Regards, Brandon On Tue, Feb 15, 2022 at 1:58 PM Mick Semb Wever wrote: > > > >> We've done concurrent releases without security before, and you follow much >> closer than others. I feel most people, if they saw all of the changes >> reverted

Re: [DISCUSS] Hotfix release procedure

We've done concurrent releases without security before, and you follow much > closer than others. I feel most people, if they saw all of the > changes reverted and a release of a single fix, would either instantly know > it's security (high confidence pointer to exactly which patch) OR assume >

Re: Welcome Anthony Grasso, Erick Ramirez and Lorina Poland as Cassandra committers

> > > Thanks a lot, Anthony, Erick and Lorina for all the work you have done on > the website and documentation. > > Congrats !! There has been a huge amount of work on the docs rewrite, the new docs build system, and all the content that's been landing recently 

Re: Welcome Anthony Grasso, Erick Ramirez and Lorina Poland as Cassandra committers

Nice work guys! Very happy to see non-core-database contributors being recognized by the project as committers. Em ter., 15 de fev. de 2022 às 16:28, Melissa Logan escreveu: > Spectacular -- congrats, all! > > On Tue, Feb 15, 2022 at 11:27 AM Chris Thornett > wrote: > >> Fantastic news!

Re: Welcome Anthony Grasso, Erick Ramirez and Lorina Poland as Cassandra committers

Spectacular -- congrats, all! On Tue, Feb 15, 2022 at 11:27 AM Chris Thornett wrote: > Fantastic news! Congrats to you all and well deserved! > -- Melissa Logan (she/her) Principal, Constantia.io meli...@constantia.io Cell: 503-317-8498 LinkedIn |

RE: Welcome Anthony Grasso, Erick Ramirez and Lorina Poland as Cassandra committers

Fantastic news! Congrats to you all and well deserved!

Re: Welcome Anthony Grasso, Erick Ramirez and Lorina Poland as Cassandra committers

Congratulations all of you! Well deserved additions. > On Feb 15, 2022, at 12:30 PM, Brandon Williams wrote: > > Congratulations, well deserved! > >> On Tue, Feb 15, 2022 at 12:13 PM Benjamin Lerer wrote: >> >> The PMC members are pleased to announce that Anthony Grasso, Erick Ramirez >>

Re: Welcome Anthony Grasso, Erick Ramirez and Lorina Poland as Cassandra committers

This is a great day for the project. These are three people that have been contributing continuously to the success of Cassandra users for so many years I can't even guess. Really makes me happy to see the project mature into a place where a diversity of contributions are recognized.

Re: [DISCUSS] Hotfix release procedure

Correct. No need to revert anything or keep extra branches around. You just checkout the tag and then make a branch with the single fix on it. > On Feb 15, 2022, at 10:08 AM, Josh McKenzie wrote: > >  > Was thinking that too after I wrote this. Means we'd only need to change our > process

Re: Welcome Anthony Grasso, Erick Ramirez and Lorina Poland as Cassandra committers

Congratulations, well deserved! On Tue, Feb 15, 2022 at 12:13 PM Benjamin Lerer wrote: > > The PMC members are pleased to announce that Anthony Grasso, Erick Ramirez > and Lorina Poland have accepted the invitation to become committers. > > Thanks a lot, Anthony, Erick and Lorina for all the

Re: Welcome Anthony Grasso, Erick Ramirez and Lorina Poland as Cassandra committers

Great news! Congrats and thank you for all your work! On Tue, 15 Feb 2022 at 13:13, Benjamin Lerer wrote: > The PMC members are pleased to announce that Anthony Grasso, Erick Ramirez > and Lorina Poland have accepted the invitation to become committers. > > Thanks a lot, Anthony, Erick and

Welcome Anthony Grasso, Erick Ramirez and Lorina Poland as Cassandra committers

The PMC members are pleased to announce that Anthony Grasso, Erick Ramirez and Lorina Poland have accepted the invitation to become committers. Thanks a lot, Anthony, Erick and Lorina for all the work you have done on the website and documentation. Congratulations and welcome The Apache

Re: [DISCUSS] Hotfix release procedure

Was thinking that too after I wrote this. Means we'd only need to change our process for future hotfixes and keep everything else as-is. On Tue, Feb 15, 2022, at 10:55 AM, Brandon Williams wrote: > On Tue, Feb 15, 2022 at 9:53 AM Josh McKenzie wrote: > > > > The only way I'd be in favor of a

Re: [DISCUSS] Hotfix release procedure

On Tue, Feb 15, 2022 at 9:53 AM Josh McKenzie wrote: > > The only way I'd be in favor of a release that removes all other committed > patches > > Couldn't we just have a snapshot branch for each supported major/minor > release branch that we patch for hotfixes and we bump up whenever we have a

Re: [DISCUSS] Hotfix release procedure

+1 (hotfix with only security fix, private vote, private branch & private ci) On Tue, Feb 15, 2022 at 02:18:42PM +, bened...@apache.org wrote: > One issue with this approach is that we are advertising that we are preparing > a security release by preparing such a release candidate. > > I

Re: [DISCUSS] Hotfix release procedure

> The only way I'd be in favor of a release that removes all other committed > patches Couldn't we just have a snapshot branch for each supported major/minor release branch that we patch for hotfixes and we bump up whenever we have a GA on a parent branch? Shouldn't be any extra burden other

Re: [DISCUSS] Hotfix release procedure

We've done concurrent releases without security before, and you follow much closer than others. I feel most people, if they saw all of the changes reverted and a release of a single fix, would either instantly know it's security (high confidence pointer to exactly which patch) OR assume someone

Re: [DISCUSS] Hotfix release procedure

We already advertise that we are preparing a security release when ever we release all of our patch versions at the same time. So I don’t think there is an issue there. I was not involved in any PMC discussions and had no knowledge of the CVE, but when three branches got release votes at the

Re: [DISCUSS] Hotfix release procedure

One issue with this approach is that we are advertising that we are preparing a security release by preparing such a release candidate. I wonder if we need to find a way to produce binaries without leaving an obvious public mark (i.e. private CI, private branch) From: Josh McKenzie Date:

Re: [DISCUSS] Hotfix release procedure

+1 On Tue, Feb 15, 2022 at 8:09 AM Josh McKenzie wrote: > > On the release thread for 4.0.2 Jeremiah brought up a point about hotfix > releases and CI: > https://lists.apache.org/thread/7zc22z5vw5b58hdzpx2nypwfzjzo3qbr > > If we are making this release for a security incident/data loss/hot fix

Re: [DISCUSS] Hotfix release procedure

+1. If we want to take our release quality seriously then I think this would be a great policy to have. > On Feb 15, 2022, at 8:09 AM, Josh McKenzie wrote: > >  > On the release thread for 4.0.2 Jeremiah brought up a point about hotfix > releases and CI: >

[DISCUSS] Hotfix release procedure

On the release thread for 4.0.2 Jeremiah brought up a point about hotfix releases and CI: https://lists.apache.org/thread/7zc22z5vw5b58hdzpx2nypwfzjzo3qbr > If we are making this release for a security incident/data loss/hot fix > reason, then I would expect to see the related change set only

Re: [VOTE] Release Apache Cassandra 4.0.3

+1 > On 15 Feb 2022, at 07:49, Marcus Eriksson wrote: > > +1 > > On Sun, Feb 13, 2022 at 11:03:01PM +0100, Mick Semb Wever wrote: >> Proposing the test build of Cassandra 4.0.3 for release. >> >> >> sha1: a87055d56a33a9b17606f14535f48eb461965b82 >> >> Git: >>