+
Jonathan Hsieh 2012-01-26, 19:29
+
Andrew Purtell 2012-01-26, 19:39
+
Gary Helmling 2012-01-26, 19:50
+
Andrew Purtell 2012-01-26, 19:50
+
Jonathan Hsieh 2012-01-26, 20:15
-
Re: No security sources in 0.92.0 release tarballs.Gary Helmling 2012-01-26, 20:30
Jon,
Thanks for spotting it. I'll pick it up. Assuming this means changes
to src/assembly/all.xml... I'll read up on the assembly plugin in.
--gh
On Thu, Jan 26, 2012 at 12:15 PM, Jonathan Hsieh <[EMAIL PROTECTED]> wrote:
> Andrew, Gary,
>
> Sorry, I should have written the initial message a little more clearly, but
> Gary's clarification is spot on.
>
> I've filed it as a 0.94 and 0.92.1 blocker.
> https://issues.apache.org/jira/browse/HBASE-5288
>
> Can one of you guys pick it up the fix for this?
>
> Jon.
>
> On Thu, Jan 26, 2012 at 11:50 AM, Andrew Purtell <[EMAIL PROTECTED]>wrote:
>
>> So I reread this and I probably misunderstood for a moment what Jon was
>> saying.
>>
>> I mentioned this in another email last week, regardless it is important to
>> tag security as alpha and anyone who wants to seriously use it for more
>> than just secure RPC is going to need to patch with HBASE-5195.
>>
>> So I presume 5195 and the sources will appear in 0.92.1.
>>
>>
>> Best regards,
>>
>> - Andy
>>
>> Problems worthy of attack prove their worth by hitting back. - Piet Hein
>> (via Tom White)
>>
>>
>> ----- Original Message -----
>> > From: Andrew Purtell <[EMAIL PROTECTED]>
>> > To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
>> > Cc:
>> > Sent: Thursday, January 26, 2012 11:39 AM
>> > Subject: Re: No security sources in 0.92.0 release tarballs.
>> >
>> > Can't believe I missed that. I haven't been paying enough attention to
>> > upstream.
>> >
>> >
>> > However, this isn't the worst thing that could have happened, without
>> > HBASE-5195 in the upstream sources security isn't going to adequately
>> > protect Gets. Also there is a shell nit to fix (HBASE-5265).
>> >
>> >
>> > Put it 0.94. No problem. It wouldn't be unreasonable to consider
>> > coprocessors more baked than security in upstream.
>> >
>> >
>> > Best regards,
>> >
>> > - Andy
>> >
>> > Problems worthy of attack prove their worth by hitting back. - Piet Hein
>> (via
>> > Tom White)
>> >
>> >
>> >
>> >> ________________________________
>> >> From: Jonathan Hsieh <[EMAIL PROTECTED]>
>> >> To: [EMAIL PROTECTED]
>> >> Sent: Thursday, January 26, 2012 11:29 AM
>> >> Subject: No security sources in 0.92.0 release tarballs.
>> >>
>> >> Ugh, it looks like we all missed that 0.92.0 release tarballs (both
>> >> security compile and normal) do not contain any of the source of the
>> >> security work.
>> >>
>> >> Jon.
>> >>
>> >> --
>> >> // Jonathan Hsieh (shay)
>> >> // Software Engineer, Cloudera
>> >> // [EMAIL PROTECTED]
>> >>
>> >>
>> >>
>> >
>>
>
>
>
> --
> // Jonathan Hsieh (shay)
> // Software Engineer, Cloudera
> // [EMAIL PROTECTED]
Thanks for spotting it. I'll pick it up. Assuming this means changes
to src/assembly/all.xml... I'll read up on the assembly plugin in.
--gh
On Thu, Jan 26, 2012 at 12:15 PM, Jonathan Hsieh <[EMAIL PROTECTED]> wrote:
> Andrew, Gary,
>
> Sorry, I should have written the initial message a little more clearly, but
> Gary's clarification is spot on.
>
> I've filed it as a 0.94 and 0.92.1 blocker.
> https://issues.apache.org/jira/browse/HBASE-5288
>
> Can one of you guys pick it up the fix for this?
>
> Jon.
>
> On Thu, Jan 26, 2012 at 11:50 AM, Andrew Purtell <[EMAIL PROTECTED]>wrote:
>
>> So I reread this and I probably misunderstood for a moment what Jon was
>> saying.
>>
>> I mentioned this in another email last week, regardless it is important to
>> tag security as alpha and anyone who wants to seriously use it for more
>> than just secure RPC is going to need to patch with HBASE-5195.
>>
>> So I presume 5195 and the sources will appear in 0.92.1.
>>
>>
>> Best regards,
>>
>> - Andy
>>
>> Problems worthy of attack prove their worth by hitting back. - Piet Hein
>> (via Tom White)
>>
>>
>> ----- Original Message -----
>> > From: Andrew Purtell <[EMAIL PROTECTED]>
>> > To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
>> > Cc:
>> > Sent: Thursday, January 26, 2012 11:39 AM
>> > Subject: Re: No security sources in 0.92.0 release tarballs.
>> >
>> > Can't believe I missed that. I haven't been paying enough attention to
>> > upstream.
>> >
>> >
>> > However, this isn't the worst thing that could have happened, without
>> > HBASE-5195 in the upstream sources security isn't going to adequately
>> > protect Gets. Also there is a shell nit to fix (HBASE-5265).
>> >
>> >
>> > Put it 0.94. No problem. It wouldn't be unreasonable to consider
>> > coprocessors more baked than security in upstream.
>> >
>> >
>> > Best regards,
>> >
>> > - Andy
>> >
>> > Problems worthy of attack prove their worth by hitting back. - Piet Hein
>> (via
>> > Tom White)
>> >
>> >
>> >
>> >> ________________________________
>> >> From: Jonathan Hsieh <[EMAIL PROTECTED]>
>> >> To: [EMAIL PROTECTED]
>> >> Sent: Thursday, January 26, 2012 11:29 AM
>> >> Subject: No security sources in 0.92.0 release tarballs.
>> >>
>> >> Ugh, it looks like we all missed that 0.92.0 release tarballs (both
>> >> security compile and normal) do not contain any of the source of the
>> >> security work.
>> >>
>> >> Jon.
>> >>
>> >> --
>> >> // Jonathan Hsieh (shay)
>> >> // Software Engineer, Cloudera
>> >> // [EMAIL PROTECTED]
>> >>
>> >>
>> >>
>> >
>>
>
>
>
> --
> // Jonathan Hsieh (shay)
> // Software Engineer, Cloudera
> // [EMAIL PROTECTED]
+
Jonathan Hsieh 2012-01-26, 22:11
