Hello, folks.
I hope this email finds you well. I would like to start a discussion about
PIP-296 Support storing broker internal client certificates in metadata
store[1].
Please don't hesitate to leave any concerns or questions.
Best,
Mattison
[1] https://github.com/apache/pulsar/pull/21044/
Hi,
Pulsar stores different types of metadata into a metadata store which
contains tenant, namespaces and topic metadata. Metadata-store should store
metadata definition and should avoid combining other non metadata related
information especially certificates or keys like encryption/decryption
key
Hi Mattion
+1
I think this pretty makes Pulsar easy to use.
Thanks
Yubiao
On Fri, Sep 8, 2023 at 4:21 PM mattison chao wrote:
>
> Hello, folks.
>
> I hope this email finds you well. I would like to start a discussion about
> PIP-296 Support storing broker internal client certificates in meta
Hi, Rajan
I understand your concerns about the cert management. I just want to let
cluster data support store base64 encoded brokerClientTrustCerts to avoid
multiple cluster replication problems in the private cert assignment. We
already have the ClusterDataImpl that stores the metadata. We can
+1 (binding)
I checked
- Signature and checksums match
- Build the client from the source
- Run examples
Best,
tison.
Yunze Xu 于2023年9月8日周五 01:15写道:
> +1 (binding)
>
> - Verified signature and checksums
> - Build from source with dotnet 7.0.400 on Windows 11
> - Run the example by adding the
Hi David,
Glad to see you participating in the vote process.
Generally, on a vote for release candidate, we +1 with reasons. You can take
Zike's reply as an example.
On 2023/09/06 17:29:10 David Jensen wrote:
> Thanks for helping to bring this release forward, Tison :)
>
> +1 (non-binding)
>
As I said, Pulsar is not made for cert management system and introducing
such extensions will bring a lot of other complexities such as cert
rotation, access rights, expiry of certs, securing certs, supporting
different types of keystore and cert format etc,.. and that will be out of
the scope of
Thanks for your PIP. I respect that this is a challenge for users. I have
spent hours debugging basic cert mistakes, so I agree it is worth
discussing. That being said, I have some concerns about the design.
The PIP dropped the section that is supposed to describe the security
implications of the
Thanks for your response, Matteo.
The benefits of my proposed alternative are dependent on the amount of
time between when a broker stops accepting messages and when the
client learns of the new host for the topic. The main areas this will
matter are failure scenarios where that delta or that "mea
I approved the PR. The helm chart's status is a bit ambiguous at the
moment. I'm not sure if there is anyone planning on doing a release.
- Michael
On Wed, Sep 6, 2023 at 11:48 AM Frank Kelly
wrote:
>
> Hello Pulsar Family,
>
> When folks get a chance I would appreciate some feedback on this pr
10 matches
Mail list logo
