Re: [DISCUSS] Vending raw credentials in Polaris

2025-01-06 Thread Dmitri Bourlatchkov
On Mon, Jan 6, 2025 at 2:12 PM Eric Maynard wrote:
> > why would Polaris restrict that in controlled environments
>
> To Michael's point, I think this kind of reasoning is a little dangerous.
> We need to clearly define what Polaris will and won't support, rather than
> adopting the mentality tha

Re: [DISCUSS] Vending raw credentials in Polaris

2025-01-06 Thread Eric Maynard
> why would Polaris restrict that in controlled environments

To Michael's point, I think this kind of reasoning is a little dangerous. We need to clearly define what Polaris will and won't support, rather than adopting the mentality that anything is in scope so long as the admin configures it.

Re: [DISCUSS] Vending raw credentials in Polaris

2024-12-09 Thread Dmitri Bourlatchkov
Looking a bit more into the PR, I think it is primarily about avoiding an STS call rather than about "raw" credentials. I think the STS requirement can, indeed, be a blocker for some custom S3 implementations. If we want to support those, we could allow the admin user to configure a separate set

Re: [DISCUSS] Vending raw credentials in Polaris

2024-12-09 Thread Dmitri Bourlatchkov
(note: I did not review the PR) On-prem systems usually have different security perimeters than cloud systems. While vending long-term credentials by default is too risky, I agree, why would Polaris restrict that in controlled environments where the admin user explicitly wants to enable that (e.g

Re: [DISCUSS] Vending raw credentials in Polaris

2024-12-07 Thread Jean-Baptiste Onofré
Hi

I think it should have gone via secur...@apache.org just to avoid public security discussion.

Anyway that makes sense.

Regards
JB

On Sat, 7 Dec 2024 at 19:37, Robert Stupp wrote:
> Generally I agree. Compromising security is not an option - ever.
>
> > On 7. Dec 2024, at 00:16, Michael

Re: [DISCUSS] Vending raw credentials in Polaris

2024-12-07 Thread Robert Stupp
Is this an issue with short-lived credentials with the recent additions to return and refresh credentials via Iceberg REST?

> On 7. Dec 2024, at 00:16, Michael Collado wrote:
>
> Hey folks
>
> Someone pinged about https://github.com/apache/polaris/pull/389 yesterday
> and I thought it was wort

Re: [DISCUSS] Vending raw credentials in Polaris

2024-12-07 Thread Robert Stupp
Generally I agree. Compromising security is not an option - ever.

> On 7. Dec 2024, at 00:16, Michael Collado wrote:
>
> Hey folks
>
> Someone pinged about https://github.com/apache/polaris/pull/389 yesterday
> and I thought it was worth bringing up for discussion.
>
> On-prem s3 compat sounds

[DISCUSS] Vending raw credentials in Polaris

2024-12-06 Thread Michael Collado
Hey folks

Someone pinged about https://github.com/apache/polaris/pull/389 yesterday and I thought it was worth bringing up for discussion.

On-prem s3 compat sounds like a super useful feature and I'm fully on board with supporting it, but I think we need to make a decision about whether we suppor