It would be great to have dedicated resources like these. One thing missing for cross cutting concerns like security is a source of truth for a holistic view of the entire model. A dedicated wiki space would allow for this view and facilitate the filing of Jiras that align with the big picture.
On Thu, Jun 20, 2013 at 12:31 PM, Kevin Minder <kevin.min...@hortonworks.com > wrote: > Hi PMCs & Everyone, > > There are a number of significant, complex and overlapping efforts > underway to improve the Hadoop security model. Many involved are > struggling to form this into a cohesive whole across the numerous Jiras and > within the traffic of common-dev. There has been a suggestion made that > having two additional pieces of infrastructure might help. > > 1) Establish a security-dev mailing list similar to hdfs-dev, yarn-dev, > mapreduce-dev, etc. that would help us have more focused interaction on > non-vulnerability security topics. I understand that this might "devalue" > common-dev somewhat but the benefits might outweigh that. > > 2) Establish a corner of the wiki were cross cutting security design could > be worked out more collaboratively than a doc rev upload mechanism. I fear > if we don't have this we will end up collaborating outside Apache > infrastructure which seems inappropriate. I understand the risk of losing > context in the individual Jiras but again my sense is that the cohesiveness > provided will outweigh the risk. > > I'm open to and interested in other suggestions for how others have solved > these types of cross cutting collaboration challenges. > > Thanks. > Kevin. >
