Thanks Chris, Completely understand " I'm completely focused on resolving 3.5.0 release blockers and setting us up with a release candidate to review."
I don't wish to create a "release blocker" to make my issues seem more important...however... https://issues.apache.org/jira/browse/YARN-11920 In my estimation the current linux-container-executor doesn't work. I have posted this on the list now and no one has debunked it with "You are doing it wrong". It blocks me quite badly. You cant actually run a word-count with linux-container-executor! As for https://issues.apache.org/jira/browse/YARN-11919, I would say it is also a blocker. There isn't a good reason why the code should only work on "some linux". I think I see how it happened, if you google the recipe to "read the passwd file with c". You find a few "examples" which just dont deal with the buffer correctly. They include the comments "#should be big enough" it is just written wrong. Also I posted to another hadoop list (havent heard back), but the bad pointer stuff is risky to say the least. Edward On Wed, Feb 4, 2026 at 4:02 PM Chris Nauroth <[email protected]> wrote: > Hi Edward, > > Sorry these have not been reviewed yet. I'm sure this is due to limited > committer bandwidth. For myself, I definitely have it in my queue to get > back to reviewing #8177. Right now though, I'm completely focused on > resolving 3.5.0 release blockers and setting us up with a release candidate > to review. > > If any non-committers have time for a review pass, that would be another > way to give these pull requests an initial boost. All the help is > appreciated! > > Chris Nauroth > > > On Tue, Feb 3, 2026 at 2:12 PM Edward Capriolo <[email protected]> > wrote: > >> Yellow elephant friends. Can I get a sponsor to review? I am chomping at >> the bit you know. I used all my free AI credits to make the "MUSL hadoop" >> logo. Got to get the PRS merged : >> >> [image: output.jpg] >> >> On Fri, Jan 23, 2026 at 8:59 AM Edward Capriolo <[email protected]> >> wrote: >> >>> Hey friends, I have been busy. Please when you can take a look at these >>> things. The two related to my best friend "container executor" are c. IF >>> that scares you like it scared me I annotated the PR so it is hopefully >>> less scary. >>> >>> >>> Less vulnerabilities. a win for hadoop security! >>> https://github.com/apache/hadoop/pull/8188 >>> >>> Code is not portable and not correct. I annotated the PR with comments >>> so non c people can understand why >>> https://github.com/apache/hadoop/pull/8177 >>> >>> The owasp plugin (the thing that helps you detect vulnerable code) is >>> old and doesnt work >>> https://github.com/apache/hadoop/pull/8186 >>> >>> In my estimation the container executor has another leak, I also do not >>> see how it works at all with the premissions it sets, maybe everyone is >>> running foks or patches? The code is refined and you can see that the >>> method in question is not called during the test suite. hence my added tests >>> >>> https://github.com/apache/hadoop/pull/8184 >>> >>> >>>
