Re: [PROPOSAL] Creating security list for ORC
Ok, I've gone ahead and filed the jira. https://issues.apache.org/jira/browse/INFRA-16354 Thanks, Owen On Wed, Apr 11, 2018 at 8:43 AM, Alan Gateswrote: > Makes sense. +1 to adding a security list, especially since it ties in > with secur...@apache.org. > > Alan. > > On Wed, Apr 11, 2018 at 7:40 AM, Owen O'Malley > wrote: > > > The biggest advantage is that email to secur...@tlp.apache.org is > > automatically forwarded to secur...@apache.org allowing them to track > the > > issues. > > > > It also allows the project to include committers who aren't PMC members > on > > the list and makes it easier to search your email for the relevant > > problems. > > > > Thanks, > >Owen > > > > On Tue, Apr 10, 2018 at 1:56 PM, Matt Burgess > > wrote: > > > > > Alan, > > > > > > We have a separate security list on the NiFi PMC, and it is mostly for > > > opt-in and for localizing the archive so you can quickly search for > > > security stuff on the security list and not see it all show up on the > > > private list. There tends to be a decent amount of discussion around > > > security issues that can clutter the private list. Not making a > > > recommendation here, just sharing what I know :) > > > > > > Regards, > > > Matt > > > > > > > > > On Tue, Apr 10, 2018 at 4:01 PM, Alan Gates > > wrote: > > > > What's the benefit of having this separate from the private list? > > > > > > > > Alan. > > > > > > > > On Tue, Apr 10, 2018 at 11:15 AM, Owen O'Malley < > > owen.omal...@gmail.com> > > > > wrote: > > > > > > > >> I'd like to move forward on this. Any comments? > > > >> > > > >> On Fri, Dec 1, 2017 at 1:40 PM, Owen O'Malley < > owen.omal...@gmail.com > > > > > > >> wrote: > > > >> > > > >> > All, > > > >> >I think as we add column encryption in ORC-14, we'll need to > > start > > > >> > handling security issues. I think it would be good to create a > > > security > > > >> > list and policy before we need it. > > > >> > > > > >> > Thoughts? > > > >> > > > > >> > .. Owen > > > >> > > > > >> > > > > > >
Re: [PROPOSAL] Creating security list for ORC
Makes sense. +1 to adding a security list, especially since it ties in with secur...@apache.org. Alan. On Wed, Apr 11, 2018 at 7:40 AM, Owen O'Malleywrote: > The biggest advantage is that email to secur...@tlp.apache.org is > automatically forwarded to secur...@apache.org allowing them to track the > issues. > > It also allows the project to include committers who aren't PMC members on > the list and makes it easier to search your email for the relevant > problems. > > Thanks, >Owen > > On Tue, Apr 10, 2018 at 1:56 PM, Matt Burgess > wrote: > > > Alan, > > > > We have a separate security list on the NiFi PMC, and it is mostly for > > opt-in and for localizing the archive so you can quickly search for > > security stuff on the security list and not see it all show up on the > > private list. There tends to be a decent amount of discussion around > > security issues that can clutter the private list. Not making a > > recommendation here, just sharing what I know :) > > > > Regards, > > Matt > > > > > > On Tue, Apr 10, 2018 at 4:01 PM, Alan Gates > wrote: > > > What's the benefit of having this separate from the private list? > > > > > > Alan. > > > > > > On Tue, Apr 10, 2018 at 11:15 AM, Owen O'Malley < > owen.omal...@gmail.com> > > > wrote: > > > > > >> I'd like to move forward on this. Any comments? > > >> > > >> On Fri, Dec 1, 2017 at 1:40 PM, Owen O'Malley > > > >> wrote: > > >> > > >> > All, > > >> >I think as we add column encryption in ORC-14, we'll need to > start > > >> > handling security issues. I think it would be good to create a > > security > > >> > list and policy before we need it. > > >> > > > >> > Thoughts? > > >> > > > >> > .. Owen > > >> > > > >> > > >
Re: [PROPOSAL] Creating security list for ORC
The biggest advantage is that email to secur...@tlp.apache.org is automatically forwarded to secur...@apache.org allowing them to track the issues. It also allows the project to include committers who aren't PMC members on the list and makes it easier to search your email for the relevant problems. Thanks, Owen On Tue, Apr 10, 2018 at 1:56 PM, Matt Burgesswrote: > Alan, > > We have a separate security list on the NiFi PMC, and it is mostly for > opt-in and for localizing the archive so you can quickly search for > security stuff on the security list and not see it all show up on the > private list. There tends to be a decent amount of discussion around > security issues that can clutter the private list. Not making a > recommendation here, just sharing what I know :) > > Regards, > Matt > > > On Tue, Apr 10, 2018 at 4:01 PM, Alan Gates wrote: > > What's the benefit of having this separate from the private list? > > > > Alan. > > > > On Tue, Apr 10, 2018 at 11:15 AM, Owen O'Malley > > wrote: > > > >> I'd like to move forward on this. Any comments? > >> > >> On Fri, Dec 1, 2017 at 1:40 PM, Owen O'Malley > >> wrote: > >> > >> > All, > >> >I think as we add column encryption in ORC-14, we'll need to start > >> > handling security issues. I think it would be good to create a > security > >> > list and policy before we need it. > >> > > >> > Thoughts? > >> > > >> > .. Owen > >> > > >> >
Re: [PROPOSAL] Creating security list for ORC
Alan, We have a separate security list on the NiFi PMC, and it is mostly for opt-in and for localizing the archive so you can quickly search for security stuff on the security list and not see it all show up on the private list. There tends to be a decent amount of discussion around security issues that can clutter the private list. Not making a recommendation here, just sharing what I know :) Regards, Matt On Tue, Apr 10, 2018 at 4:01 PM, Alan Gateswrote: > What's the benefit of having this separate from the private list? > > Alan. > > On Tue, Apr 10, 2018 at 11:15 AM, Owen O'Malley > wrote: > >> I'd like to move forward on this. Any comments? >> >> On Fri, Dec 1, 2017 at 1:40 PM, Owen O'Malley >> wrote: >> >> > All, >> >I think as we add column encryption in ORC-14, we'll need to start >> > handling security issues. I think it would be good to create a security >> > list and policy before we need it. >> > >> > Thoughts? >> > >> > .. Owen >> > >>
Re: [PROPOSAL] Creating security list for ORC
What's the benefit of having this separate from the private list? Alan. On Tue, Apr 10, 2018 at 11:15 AM, Owen O'Malleywrote: > I'd like to move forward on this. Any comments? > > On Fri, Dec 1, 2017 at 1:40 PM, Owen O'Malley > wrote: > > > All, > >I think as we add column encryption in ORC-14, we'll need to start > > handling security issues. I think it would be good to create a security > > list and policy before we need it. > > > > Thoughts? > > > > .. Owen > > >
Re: [PROPOSAL] Creating security list for ORC
I'd like to move forward on this. Any comments? On Fri, Dec 1, 2017 at 1:40 PM, Owen O'Malleywrote: > All, >I think as we add column encryption in ORC-14, we'll need to start > handling security issues. I think it would be good to create a security > list and policy before we need it. > > Thoughts? > > .. Owen >
[PROPOSAL] Creating security list for ORC
All, I think as we add column encryption in ORC-14, we'll need to start handling security issues. I think it would be good to create a security list and policy before we need it. Thoughts? .. Owen