Re: [PROPOSAL] Creating security list for ORC

2018-04-13 Thread Owen O'Malley 
Ok, I've gone ahead and filed the jira.

https://issues.apache.org/jira/browse/INFRA-16354

Thanks,
   Owen

On Wed, Apr 11, 2018 at 8:43 AM, Alan Gates  wrote:

> ​Makes sense.  +1 to adding a security list, especially since it ties in
> with secur...@apache.org.
>
> Alan.​
>
> On Wed, Apr 11, 2018 at 7:40 AM, Owen O'Malley 
> wrote:
>
> > The biggest advantage is that email to secur...@tlp.apache.org is
> > automatically forwarded to secur...@apache.org allowing them to track
> the
> > issues.
> >
> > It also allows the project to include committers who aren't PMC members
> on
> > the list and makes it easier to search your email for the relevant
> > problems.
> >
> > Thanks,
> >Owen
> >
> > On Tue, Apr 10, 2018 at 1:56 PM, Matt Burgess 
> > wrote:
> >
> > > Alan,
> > >
> > > We have a separate security list on the NiFi PMC, and it is mostly for
> > > opt-in and for localizing the archive so you can quickly search for
> > > security stuff on the security list and not see it all show up on the
> > > private list. There tends to be a decent amount of discussion around
> > > security issues that can clutter the private list. Not making a
> > > recommendation here, just sharing what I know :)
> > >
> > > Regards,
> > > Matt
> > >
> > >
> > > On Tue, Apr 10, 2018 at 4:01 PM, Alan Gates 
> > wrote:
> > > > What's the benefit of having this separate from the private list?
> > > >
> > > > Alan.
> > > >
> > > > On Tue, Apr 10, 2018 at 11:15 AM, Owen O'Malley <
> > owen.omal...@gmail.com>
> > > > wrote:
> > > >
> > > >> I'd like to move forward on this. Any comments?
> > > >>
> > > >> On Fri, Dec 1, 2017 at 1:40 PM, Owen O'Malley <
> owen.omal...@gmail.com
> > >
> > > >> wrote:
> > > >>
> > > >> > All,
> > > >> >I think as we add column encryption in ORC-14, we'll need to
> > start
> > > >> > handling security issues. I think it would be good to create a
> > > security
> > > >> > list and policy before we need it.
> > > >> >
> > > >> > Thoughts?
> > > >> >
> > > >> > .. Owen
> > > >> >
> > > >>
> > >
> >
>

Re: [PROPOSAL] Creating security list for ORC

2018-04-11 Thread Alan Gates 
​Makes sense.  +1 to adding a security list, especially since it ties in
with secur...@apache.org.

Alan.​

On Wed, Apr 11, 2018 at 7:40 AM, Owen O'Malley 
wrote:

> The biggest advantage is that email to secur...@tlp.apache.org is
> automatically forwarded to secur...@apache.org allowing them to track the
> issues.
>
> It also allows the project to include committers who aren't PMC members on
> the list and makes it easier to search your email for the relevant
> problems.
>
> Thanks,
>Owen
>
> On Tue, Apr 10, 2018 at 1:56 PM, Matt Burgess 
> wrote:
>
> > Alan,
> >
> > We have a separate security list on the NiFi PMC, and it is mostly for
> > opt-in and for localizing the archive so you can quickly search for
> > security stuff on the security list and not see it all show up on the
> > private list. There tends to be a decent amount of discussion around
> > security issues that can clutter the private list. Not making a
> > recommendation here, just sharing what I know :)
> >
> > Regards,
> > Matt
> >
> >
> > On Tue, Apr 10, 2018 at 4:01 PM, Alan Gates 
> wrote:
> > > What's the benefit of having this separate from the private list?
> > >
> > > Alan.
> > >
> > > On Tue, Apr 10, 2018 at 11:15 AM, Owen O'Malley <
> owen.omal...@gmail.com>
> > > wrote:
> > >
> > >> I'd like to move forward on this. Any comments?
> > >>
> > >> On Fri, Dec 1, 2017 at 1:40 PM, Owen O'Malley  >
> > >> wrote:
> > >>
> > >> > All,
> > >> >I think as we add column encryption in ORC-14, we'll need to
> start
> > >> > handling security issues. I think it would be good to create a
> > security
> > >> > list and policy before we need it.
> > >> >
> > >> > Thoughts?
> > >> >
> > >> > .. Owen
> > >> >
> > >>
> >
>

Re: [PROPOSAL] Creating security list for ORC

2018-04-11 Thread Owen O'Malley 
The biggest advantage is that email to secur...@tlp.apache.org is
automatically forwarded to secur...@apache.org allowing them to track the
issues.

It also allows the project to include committers who aren't PMC members on
the list and makes it easier to search your email for the relevant problems.

Thanks,
   Owen

On Tue, Apr 10, 2018 at 1:56 PM, Matt Burgess  wrote:

> Alan,
>
> We have a separate security list on the NiFi PMC, and it is mostly for
> opt-in and for localizing the archive so you can quickly search for
> security stuff on the security list and not see it all show up on the
> private list. There tends to be a decent amount of discussion around
> security issues that can clutter the private list. Not making a
> recommendation here, just sharing what I know :)
>
> Regards,
> Matt
>
>
> On Tue, Apr 10, 2018 at 4:01 PM, Alan Gates  wrote:
> > What's the benefit of having this separate from the private list?
> >
> > Alan.
> >
> > On Tue, Apr 10, 2018 at 11:15 AM, Owen O'Malley 
> > wrote:
> >
> >> I'd like to move forward on this. Any comments?
> >>
> >> On Fri, Dec 1, 2017 at 1:40 PM, Owen O'Malley 
> >> wrote:
> >>
> >> > All,
> >> >I think as we add column encryption in ORC-14, we'll need to start
> >> > handling security issues. I think it would be good to create a
> security
> >> > list and policy before we need it.
> >> >
> >> > Thoughts?
> >> >
> >> > .. Owen
> >> >
> >>
>

Re: [PROPOSAL] Creating security list for ORC

2018-04-10 Thread Matt Burgess 
Alan,

We have a separate security list on the NiFi PMC, and it is mostly for
opt-in and for localizing the archive so you can quickly search for
security stuff on the security list and not see it all show up on the
private list. There tends to be a decent amount of discussion around
security issues that can clutter the private list. Not making a
recommendation here, just sharing what I know :)

Regards,
Matt


On Tue, Apr 10, 2018 at 4:01 PM, Alan Gates  wrote:
> What's the benefit of having this separate from the private list?
>
> Alan.
>
> On Tue, Apr 10, 2018 at 11:15 AM, Owen O'Malley 
> wrote:
>
>> I'd like to move forward on this. Any comments?
>>
>> On Fri, Dec 1, 2017 at 1:40 PM, Owen O'Malley 
>> wrote:
>>
>> > All,
>> >I think as we add column encryption in ORC-14, we'll need to start
>> > handling security issues. I think it would be good to create a security
>> > list and policy before we need it.
>> >
>> > Thoughts?
>> >
>> > .. Owen
>> >
>>

Re: [PROPOSAL] Creating security list for ORC

2018-04-10 Thread Alan Gates 
What's the benefit of having this separate from the private list?

Alan.

On Tue, Apr 10, 2018 at 11:15 AM, Owen O'Malley 
wrote:

> I'd like to move forward on this. Any comments?
>
> On Fri, Dec 1, 2017 at 1:40 PM, Owen O'Malley 
> wrote:
>
> > All,
> >I think as we add column encryption in ORC-14, we'll need to start
> > handling security issues. I think it would be good to create a security
> > list and policy before we need it.
> >
> > Thoughts?
> >
> > .. Owen
> >
>

Re: [PROPOSAL] Creating security list for ORC

2018-04-10 Thread Owen O'Malley 
I'd like to move forward on this. Any comments?

On Fri, Dec 1, 2017 at 1:40 PM, Owen O'Malley 
wrote:

> All,
>I think as we add column encryption in ORC-14, we'll need to start
> handling security issues. I think it would be good to create a security
> list and policy before we need it.
>
> Thoughts?
>
> .. Owen
>

[PROPOSAL] Creating security list for ORC

2017-12-01 Thread Owen O'Malley 
All,
   I think as we add column encryption in ORC-14, we'll need to start
handling security issues. I think it would be good to create a security
list and policy before we need it.

Thoughts?

.. Owen