Ugh, it looks like we all missed that 0.92.0 release tarballs (both
security compile and normal) do not contain any of the source of the
security work.

Jon.

--
// Jonathan Hsieh (shay)
// Software Engineer, Cloudera
// [EMAIL PROTECTED]

Can't believe I missed that. I haven't been paying enough attention to upstream.
However, this isn't the worst thing that could have happened, without HBASE-5195 in the upstream sources security isn't going to adequately protect Gets. Also there is a shell nit to fix (HBASE-5265).
Put it 0.94. No problem. It wouldn't be unreasonable to consider coprocessors more baked than security in upstream.
Best regards,

    - Andy

Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)

>________________________________
> From: Jonathan Hsieh <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Sent: Thursday, January 26, 2012 11:29 AM
>Subject: No security sources in 0.92.0 release tarballs.
>
>Ugh, it looks like we all missed that 0.92.0 release tarballs (both
>security compile and normal) do not contain any of the source of the
>security work.
>
>Jon.
>
>--
>// Jonathan Hsieh (shay)
>// Software Engineer, Cloudera
>// [EMAIL PROTECTED]
>
>
>

To be clear, the compiled security classes are included in the
hbase-0.92.0-security.jar in the security build.  But we are missing
the source files from security/src/... under the src/ directory in the
tarball.  Probably an oversight of mine in the addition of the
security profile to the POM.

So security should be functional in the release, subject to the
caveats Andy mentions.
On Thu, Jan 26, 2012 at 11:39 AM, Andrew Purtell <[EMAIL PROTECTED]> wrote:
> Can't believe I missed that. I haven't been paying enough attention to upstream.
>
>
> However, this isn't the worst thing that could have happened, without HBASE-5195 in the upstream sources security isn't going to adequately protect Gets. Also there is a shell nit to fix (HBASE-5265).
>
>
> Put it 0.94. No problem. It wouldn't be unreasonable to consider coprocessors more baked than security in upstream.
>
>
> Best regards,
>
>     - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)
>
>
>
>>________________________________
>> From: Jonathan Hsieh <[EMAIL PROTECTED]>
>>To: [EMAIL PROTECTED]
>>Sent: Thursday, January 26, 2012 11:29 AM
>>Subject: No security sources in 0.92.0 release tarballs.
>>
>>Ugh, it looks like we all missed that 0.92.0 release tarballs (both
>>security compile and normal) do not contain any of the source of the
>>security work.
>>
>>Jon.
>>
>>--
>>// Jonathan Hsieh (shay)
>>// Software Engineer, Cloudera
>>// [EMAIL PROTECTED]
>>
>>
>>

So I reread this and I probably misunderstood for a moment what Jon was saying.

I mentioned this in another email last week, regardless it is important to tag security as alpha and anyone who wants to seriously use it for more than just secure RPC is going to need to patch with HBASE-5195.

So I presume 5195 and the sources will appear in 0.92.1.

 
Best regards,

    - Andy

Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)
----- Original Message -----
> From: Andrew Purtell <[EMAIL PROTECTED]>
> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> Cc:
> Sent: Thursday, January 26, 2012 11:39 AM
> Subject: Re: No security sources in 0.92.0 release tarballs.
>
> Can't believe I missed that. I haven't been paying enough attention to
> upstream.
>
>
> However, this isn't the worst thing that could have happened, without
> HBASE-5195 in the upstream sources security isn't going to adequately
> protect Gets. Also there is a shell nit to fix (HBASE-5265).
>
>
> Put it 0.94. No problem. It wouldn't be unreasonable to consider
> coprocessors more baked than security in upstream.
>
>
> Best regards,
>
>     - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet Hein (via
> Tom White)
>
>
>
>> ________________________________
>>  From: Jonathan Hsieh <[EMAIL PROTECTED]>
>> To: [EMAIL PROTECTED]
>> Sent: Thursday, January 26, 2012 11:29 AM
>> Subject: No security sources in 0.92.0 release tarballs.
>>
>> Ugh, it looks like we all missed that 0.92.0 release tarballs (both
>> security compile and normal) do not contain any of the source of the
>> security work.
>>
>> Jon.
>>
>> --
>> // Jonathan Hsieh (shay)
>> // Software Engineer, Cloudera
>> // [EMAIL PROTECTED]
>>
>>
>>
>

Andrew, Gary,

Sorry, I should have written the initial message a little more clearly, but
Gary's clarification is spot on.

I've filed it as a 0.94 and 0.92.1 blocker.
https://issues.apache.org/jira/browse/HBASE-5288

Can one of you guys pick it up the fix for this?

Jon.

On Thu, Jan 26, 2012 at 11:50 AM, Andrew Purtell <[EMAIL PROTECTED]>wrote:

> So I reread this and I probably misunderstood for a moment what Jon was
> saying.
>
> I mentioned this in another email last week, regardless it is important to
> tag security as alpha and anyone who wants to seriously use it for more
> than just secure RPC is going to need to patch with HBASE-5195.
>
> So I presume 5195 and the sources will appear in 0.92.1.
>
>
> Best regards,
>
>     - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet Hein
> (via Tom White)
>
>
> ----- Original Message -----
> > From: Andrew Purtell <[EMAIL PROTECTED]>
> > To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> > Cc:
> > Sent: Thursday, January 26, 2012 11:39 AM
> > Subject: Re: No security sources in 0.92.0 release tarballs.
> >
> > Can't believe I missed that. I haven't been paying enough attention to
> > upstream.
> >
> >
> > However, this isn't the worst thing that could have happened, without
> > HBASE-5195 in the upstream sources security isn't going to adequately
> > protect Gets. Also there is a shell nit to fix (HBASE-5265).
> >
> >
> > Put it 0.94. No problem. It wouldn't be unreasonable to consider
> > coprocessors more baked than security in upstream.
> >
> >
> > Best regards,
> >
> >     - Andy
> >
> > Problems worthy of attack prove their worth by hitting back. - Piet Hein
> (via
> > Tom White)
> >
> >
> >
> >> ________________________________
> >>  From: Jonathan Hsieh <[EMAIL PROTECTED]>
> >> To: [EMAIL PROTECTED]
> >> Sent: Thursday, January 26, 2012 11:29 AM
> >> Subject: No security sources in 0.92.0 release tarballs.
> >>
> >> Ugh, it looks like we all missed that 0.92.0 release tarballs (both
> >> security compile and normal) do not contain any of the source of the
> >> security work.
> >>
> >> Jon.
> >>
> >> --
> >> // Jonathan Hsieh (shay)
> >> // Software Engineer, Cloudera
> >> // [EMAIL PROTECTED]
> >>
> >>
> >>
> >
>

--
// Jonathan Hsieh (shay)
// Software Engineer, Cloudera
// [EMAIL PROTECTED]

Jon,

Thanks for spotting it.  I'll pick it up.  Assuming this means changes
to src/assembly/all.xml...  I'll read up on the assembly plugin in.

--gh
On Thu, Jan 26, 2012 at 12:15 PM, Jonathan Hsieh <[EMAIL PROTECTED]> wrote:
> Andrew, Gary,
>
> Sorry, I should have written the initial message a little more clearly, but
> Gary's clarification is spot on.
>
> I've filed it as a 0.94 and 0.92.1 blocker.
> https://issues.apache.org/jira/browse/HBASE-5288
>
> Can one of you guys pick it up the fix for this?
>
> Jon.
>
> On Thu, Jan 26, 2012 at 11:50 AM, Andrew Purtell <[EMAIL PROTECTED]>wrote:
>
>> So I reread this and I probably misunderstood for a moment what Jon was
>> saying.
>>
>> I mentioned this in another email last week, regardless it is important to
>> tag security as alpha and anyone who wants to seriously use it for more
>> than just secure RPC is going to need to patch with HBASE-5195.
>>
>> So I presume 5195 and the sources will appear in 0.92.1.
>>
>>
>> Best regards,
>>
>>     - Andy
>>
>> Problems worthy of attack prove their worth by hitting back. - Piet Hein
>> (via Tom White)
>>
>>
>> ----- Original Message -----
>> > From: Andrew Purtell <[EMAIL PROTECTED]>
>> > To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
>> > Cc:
>> > Sent: Thursday, January 26, 2012 11:39 AM
>> > Subject: Re: No security sources in 0.92.0 release tarballs.
>> >
>> > Can't believe I missed that. I haven't been paying enough attention to
>> > upstream.
>> >
>> >
>> > However, this isn't the worst thing that could have happened, without
>> > HBASE-5195 in the upstream sources security isn't going to adequately
>> > protect Gets. Also there is a shell nit to fix (HBASE-5265).
>> >
>> >
>> > Put it 0.94. No problem. It wouldn't be unreasonable to consider
>> > coprocessors more baked than security in upstream.
>> >
>> >
>> > Best regards,
>> >
>> >     - Andy
>> >
>> > Problems worthy of attack prove their worth by hitting back. - Piet Hein
>> (via
>> > Tom White)
>> >
>> >
>> >
>> >> ________________________________
>> >>  From: Jonathan Hsieh <[EMAIL PROTECTED]>
>> >> To: [EMAIL PROTECTED]
>> >> Sent: Thursday, January 26, 2012 11:29 AM
>> >> Subject: No security sources in 0.92.0 release tarballs.
>> >>
>> >> Ugh, it looks like we all missed that 0.92.0 release tarballs (both
>> >> security compile and normal) do not contain any of the source of the
>> >> security work.
>> >>
>> >> Jon.
>> >>
>> >> --
>> >> // Jonathan Hsieh (shay)
>> >> // Software Engineer, Cloudera
>> >> // [EMAIL PROTECTED]
>> >>
>> >>
>> >>
>> >
>>
>
>
>
> --
> // Jonathan Hsieh (shay)
> // Software Engineer, Cloudera
> // [EMAIL PROTECTED]

Maven likes things a certain way and if it hard it usually because you are
not doing it the way the mavenista's have decreed.  Unfortunately, it isn't
clear to me what the right way to do it is.

Jon.

On Thu, Jan 26, 2012 at 12:30 PM, Gary Helmling <[EMAIL PROTECTED]> wrote:

> Jon,
>
> Thanks for spotting it.  I'll pick it up.  Assuming this means changes
> to src/assembly/all.xml...  I'll read up on the assembly plugin in.
>
> --gh
>
>
> On Thu, Jan 26, 2012 at 12:15 PM, Jonathan Hsieh <[EMAIL PROTECTED]> wrote:
> > Andrew, Gary,
> >
> > Sorry, I should have written the initial message a little more clearly,
> but
> > Gary's clarification is spot on.
> >
> > I've filed it as a 0.94 and 0.92.1 blocker.
> > https://issues.apache.org/jira/browse/HBASE-5288
> >
> > Can one of you guys pick it up the fix for this?
> >
> > Jon.
> >
> > On Thu, Jan 26, 2012 at 11:50 AM, Andrew Purtell <[EMAIL PROTECTED]
> >wrote:
> >
> >> So I reread this and I probably misunderstood for a moment what Jon was
> >> saying.
> >>
> >> I mentioned this in another email last week, regardless it is important
> to
> >> tag security as alpha and anyone who wants to seriously use it for more
> >> than just secure RPC is going to need to patch with HBASE-5195.
> >>
> >> So I presume 5195 and the sources will appear in 0.92.1.
> >>
> >>
> >> Best regards,
> >>
> >>     - Andy
> >>
> >> Problems worthy of attack prove their worth by hitting back. - Piet Hein
> >> (via Tom White)
> >>
> >>
> >> ----- Original Message -----
> >> > From: Andrew Purtell <[EMAIL PROTECTED]>
> >> > To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> >> > Cc:
> >> > Sent: Thursday, January 26, 2012 11:39 AM
> >> > Subject: Re: No security sources in 0.92.0 release tarballs.
> >> >
> >> > Can't believe I missed that. I haven't been paying enough attention to
> >> > upstream.
> >> >
> >> >
> >> > However, this isn't the worst thing that could have happened, without
> >> > HBASE-5195 in the upstream sources security isn't going to adequately
> >> > protect Gets. Also there is a shell nit to fix (HBASE-5265).
> >> >
> >> >
> >> > Put it 0.94. No problem. It wouldn't be unreasonable to consider
> >> > coprocessors more baked than security in upstream.
> >> >
> >> >
> >> > Best regards,
> >> >
> >> >     - Andy
> >> >
> >> > Problems worthy of attack prove their worth by hitting back. - Piet
> Hein
> >> (via
> >> > Tom White)
> >> >
> >> >
> >> >
> >> >> ________________________________
> >> >>  From: Jonathan Hsieh <[EMAIL PROTECTED]>
> >> >> To: [EMAIL PROTECTED]
> >> >> Sent: Thursday, January 26, 2012 11:29 AM
> >> >> Subject: No security sources in 0.92.0 release tarballs.
> >> >>
> >> >> Ugh, it looks like we all missed that 0.92.0 release tarballs (both
> >> >> security compile and normal) do not contain any of the source of the
> >> >> security work.
> >> >>
> >> >> Jon.
> >> >>
> >> >> --
> >> >> // Jonathan Hsieh (shay)
> >> >> // Software Engineer, Cloudera
> >> >> // [EMAIL PROTECTED]
> >> >>
> >> >>
> >> >>
> >> >
> >>
> >
> >
> >
> > --
> > // Jonathan Hsieh (shay)
> > // Software Engineer, Cloudera
> > // [EMAIL PROTECTED]
>

--
// Jonathan Hsieh (shay)
// Software Engineer, Cloudera
// [EMAIL PROTECTED]