Yes, sorry for not explicitly stating it in my previous reply - this should
be a community built from representatives across the entire ecosystem.
My previous email was speaking to how we reach out to them.
On Thu, Jun 20, 2013 at 1:49 PM, Zheng, Kai <[EMAIL PROTECTED]> wrote:
> In my view it should be for the whole ecosystem. One inspiration of this
> is to ease the collaboration and discussion for the work on going about
> token based authentication and SSO, which absolutely targets the ecosystem,
> although the coming up libraries and facilities might reside in hadoop
> common umbrella.
> -----Original Message-----
> From: Alejandro Abdelnur [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 21, 2013 1:32 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Fostering a Hadoop security dev community
> This sounds great,
> Is this restricted to the Hadoop project itself or the intention is to
> cover the whole Hadoop ecosystem? If the later, how are you planning to
> engage and sync up with the different projects?
> On Thu, Jun 20, 2013 at 9:45 AM, Larry McCay <[EMAIL PROTECTED]>
> > It would be great to have dedicated resources like these.
> > One thing missing for cross cutting concerns like security is a source
> > of truth for a holistic view of the entire model.
> > A dedicated wiki space would allow for this view and facilitate the
> > filing of Jiras that align with the big picture.
> > On Thu, Jun 20, 2013 at 12:31 PM, Kevin Minder <
> > [EMAIL PROTECTED]
> > > wrote:
> > > Hi PMCs & Everyone,
> > >
> > > There are a number of significant, complex and overlapping efforts
> > > underway to improve the Hadoop security model. Many involved are
> > > struggling to form this into a cohesive whole across the numerous
> > > Jiras
> > and
> > > within the traffic of common-dev. There has been a suggestion made
> > > that having two additional pieces of infrastructure might help.
> > >
> > > 1) Establish a security-dev mailing list similar to hdfs-dev,
> > > yarn-dev, mapreduce-dev, etc. that would help us have more focused
> > > interaction on non-vulnerability security topics. I understand that
> > > this might
> > "devalue"
> > > common-dev somewhat but the benefits might outweigh that.
> > >
> > > 2) Establish a corner of the wiki were cross cutting security design
> > could
> > > be worked out more collaboratively than a doc rev upload mechanism.
> > > I
> > fear
> > > if we don't have this we will end up collaborating outside Apache
> > > infrastructure which seems inappropriate. I understand the risk of
> > losing
> > > context in the individual Jiras but again my sense is that the
> > cohesiveness
> > > provided will outweigh the risk.
> > >
> > > I'm open to and interested in other suggestions for how others have
> > solved
> > > these types of cross cutting collaboration challenges.
> > >
> > > Thanks.
> > > Kevin.
> > >