May one of the committers/ contributors comment. Do we understand what I am reporting to be a blocker? Risk etc.
On Monday, February 9, 2026, Edward Capriolo <[email protected]> wrote: > Thanks Chris, > > Completely understand " I'm completely focused on resolving 3.5.0 release > blockers and setting us up with a release candidate to review." > > I don't wish to create a "release blocker" to make my issues seem more > important...however... > > https://issues.apache.org/jira/browse/YARN-11920 > > In my estimation the current linux-container-executor doesn't work. I have > posted this on the list now and no one has debunked it with "You are doing > it wrong". It blocks me quite badly. You cant actually run a word-count > with linux-container-executor! > > As for https://issues.apache.org/jira/browse/YARN-11919, I would say it > is also a blocker. There isn't a good reason why the code should only work > on "some linux". I think I see how it happened, if you google the recipe to > "read the passwd file with c". You find a few "examples" which just dont > deal with the buffer correctly. They include the comments "#should be big > enough" it is just written wrong. > > Also I posted to another hadoop list (havent heard back), but the bad > pointer stuff is risky to say the least. > > Edward > > > On Wed, Feb 4, 2026 at 4:02 PM Chris Nauroth <[email protected]> wrote: > >> Hi Edward, >> >> Sorry these have not been reviewed yet. I'm sure this is due to limited >> committer bandwidth. For myself, I definitely have it in my queue to get >> back to reviewing #8177. Right now though, I'm completely focused on >> resolving 3.5.0 release blockers and setting us up with a release candidate >> to review. >> >> If any non-committers have time for a review pass, that would be another >> way to give these pull requests an initial boost. All the help is >> appreciated! >> >> Chris Nauroth >> >> >> On Tue, Feb 3, 2026 at 2:12 PM Edward Capriolo <[email protected]> >> wrote: >> >>> Yellow elephant friends. Can I get a sponsor to review? I am chomping at >>> the bit you know. I used all my free AI credits to make the "MUSL hadoop" >>> logo. Got to get the PRS merged : >>> >>> [image: output.jpg] >>> >>> On Fri, Jan 23, 2026 at 8:59 AM Edward Capriolo <[email protected]> >>> wrote: >>> >>>> Hey friends, I have been busy. Please when you can take a look at these >>>> things. The two related to my best friend "container executor" are c. IF >>>> that scares you like it scared me I annotated the PR so it is hopefully >>>> less scary. >>>> >>>> >>>> Less vulnerabilities. a win for hadoop security! >>>> https://github.com/apache/hadoop/pull/8188 >>>> >>>> Code is not portable and not correct. I annotated the PR with comments >>>> so non c people can understand why >>>> https://github.com/apache/hadoop/pull/8177 >>>> >>>> The owasp plugin (the thing that helps you detect vulnerable code) is >>>> old and doesnt work >>>> https://github.com/apache/hadoop/pull/8186 >>>> >>>> In my estimation the container executor has another leak, I also do not >>>> see how it works at all with the premissions it sets, maybe everyone is >>>> running foks or patches? The code is refined and you can see that the >>>> method in question is not called during the test suite. hence my added >>>> tests >>>> >>>> https://github.com/apache/hadoop/pull/8184 >>>> >>>> >>>> -- Sorry this was sent from mobile. Will do less grammar and spell check than usual.
