I'm in favor of this in general, though I do think the proper way to do it isn't obvious to me, given the cross-project nature of the goal.
On Thu, Jun 20, 2013 at 1:01 PM, Andrew Purtell <apurt...@apache.org> wrote: > On Thu, Jun 20, 2013 at 10:31 AM, Alejandro Abdelnur <t...@cloudera.com > >wrote: > > > Is this restricted to the Hadoop project itself or the intention is to > > cover the whole Hadoop ecosystem? If the later, how are you planning to > > engage and sync up with the different projects? > > > > The intent is to cover the entire Hadoop ecosystem. How specifically to > structure the work and engage different projects would depend on what facet > of security is being addressed. I think it would be awesome if the Hadoop > PMC is willing to lend resources for an ongoing virtual meetup on security > concerns (a meetup ecosystem wide) that cross-cut everywhere, and that > makes sense, at least to me, because in many cases we could build from the > core outward and propose uptake of artifacts that solve a common problem on > project specific JIRAs. > Sorry, what exactly do you mean by "meetup" ? I think in general it makes sense for this effort to be hosted by the Hadoop project proper, given that much of the security of the rest of the system is built on top of the libraries in Hadoop Common. Note, however, that certainly not all of what are generally considered the "Hadoop ecosystem" projects build their security using only what's in Hadoop Common, e.g. Hive makes extensive use of Thrift and Thrift's SASL implementation. -- Aaron T. Myers Software Engineer, Cloudera
