Hi all, I've added Ismael's kip-less idea as a rejected alternative, with appropriate justification. I'm happy to discuss this alternative, as it appears to be the best alternative, and will be what happens if the KIP vote does not succeed.
Thanks, Greg On Wed, Jul 3, 2024 at 10:34 AM Greg Harris <greg.har...@aiven.io> wrote: > Hi Ismael, > > Thanks for the question. > > > Can we not > > use the SecurityManager when it's available and fallback when it's not? > > This is the strategy the KIP is proposing in the interim before we drop > support for the SecurityManager. The KIP should be stating this idea, just > more verbosely. > > > I'm not totally clear on why we need a KIP. > > Implementing the above strategy is IMHO tech debt, and I wanted to plan > for eventually paying off that tech debt before incurring it. > I think the only way to eliminate it is going to be removing our support > for SecurityManager entirely. > Since there may be Kafka users using the SecurityManager, this would > represent a removal of functionality/breaking change for them, and > therefore warrants a KIP. > > Please let me know if you have more questions, > Greg > > On Wed, Jul 3, 2024 at 10:14 AM Ismael Juma <m...@ismaeljuma.com> wrote: > >> Hi Greg, >> >> Thanks for the KIP. I'm not totally clear on why we need a KIP. Can we not >> use the SecurityManager when it's available and fallback when it's not? If >> so, then it would mean that whether SecurityManager is used or not depends >> on the JDK and its configuration. >> >> Ismael >> >> On Mon, Nov 20, 2023 at 4:48 PM Greg Harris <greg.har...@aiven.io.invalid >> > >> wrote: >> >> > Hi all, >> > >> > I'd like to invite you all to discuss removing SecurityManager support >> > from Kafka. This affects the client and server SASL mechanism, Tiered >> > Storage, and Connect classloading. >> > >> > Find the KIP here: >> > >> > >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-1006%3A+Remove+SecurityManager+Support >> > >> > I think this is a "code higiene" effort that doesn't need to be dealt >> > with urgently, but it would prevent a lot of headache later when Java >> > does decide to remove support. >> > >> > If you are currently using the SecurityManager with Kafka, I'd really >> > appreciate hearing how you're using it, and how you're planning around >> > its removal. >> > >> > Thanks! >> > Greg Harris >> > >> >
