That's a good question....

I think that we could let the security vulnerability list know about it for
one thing.
There should be representatives of many - if not all - of the projects in
the ecosystem.

I suppose we could file a Jira for each to have someone represent their
security concerns to the larger security community?

Any suggestions or thoughts on those ideas would be great.


On Thu, Jun 20, 2013 at 1:31 PM, Alejandro Abdelnur <t...@cloudera.com> wrote:

> This sounds great,
>
> Is this restricted to the Hadoop project itself or the intention is to
> cover the whole Hadoop ecosystem? If the latter, how are you planning to
> engage and sync up with the different projects?
>
> Thanks.
>
>
> On Thu, Jun 20, 2013 at 9:45 AM, Larry McCay <lmc...@hortonworks.com>
> wrote:
>
> > It would be great to have dedicated resources like these.
> > One thing missing for cross cutting concerns like security is a source of
> > truth for a holistic view of the entire model.
> > A dedicated wiki space would allow for this view and facilitate the
> > filing of Jiras that align with the big picture.
> >
> > On Thu, Jun 20, 2013 at 12:31 PM, Kevin Minder <kevin.min...@hortonworks.com> wrote:
> >
> > > Hi PMCs & Everyone,
> > >
> > > There are a number of significant, complex and overlapping efforts
> > > underway to improve the Hadoop security model.  Many involved are
> > > struggling to form this into a cohesive whole across the numerous Jiras
> > > and within the traffic of common-dev.  There has been a suggestion made
> > > that having two additional pieces of infrastructure might help.
> > >
> > > 1) Establish a security-dev mailing list similar to hdfs-dev, yarn-dev,
> > > mapreduce-dev, etc. that would help us have more focused interaction on
> > > non-vulnerability security topics.  I understand that this might
> > > "devalue" common-dev somewhat but the benefits might outweigh that.
> > >
> > > 2) Establish a corner of the wiki where cross cutting security design
> > > could be worked out more collaboratively than a doc rev upload mechanism.
> > > I fear if we don't have this we will end up collaborating outside Apache
> > > infrastructure which seems inappropriate.  I understand the risk of
> > > losing context in the individual Jiras but again my sense is that the
> > > cohesiveness provided will outweigh the risk.
> > >
> > > I'm open to and interested in other suggestions for how others have
> > > solved these types of cross cutting collaboration challenges.
> > >
> > > Thanks.
> > > Kevin.
> > >
> >
>
>
>
> --
> Alejandro
>
