Yes, sorry for not explicitly stating it in my previous reply - this should be a community built from representatives across the entire ecosystem. My previous email was speaking to how we reach out to them.
On Thu, Jun 20, 2013 at 1:49 PM, Zheng, Kai <kai.zh...@intel.com> wrote: > In my view it should be for the whole ecosystem. One inspiration of this > is to ease the collaboration and discussion for the work on going about > token based authentication and SSO, which absolutely targets the ecosystem, > although the coming up libraries and facilities might reside in hadoop > common umbrella. > > -----Original Message----- > From: Alejandro Abdelnur [mailto:t...@cloudera.com] > Sent: Friday, June 21, 2013 1:32 AM > To: common-dev@hadoop.apache.org > Subject: Re: Fostering a Hadoop security dev community > > This sounds great, > > Is this restricted to the Hadoop project itself or the intention is to > cover the whole Hadoop ecosystem? If the later, how are you planning to > engage and sync up with the different projects? > > Thanks. > > > On Thu, Jun 20, 2013 at 9:45 AM, Larry McCay <lmc...@hortonworks.com> > wrote: > > > It would be great to have dedicated resources like these. > > One thing missing for cross cutting concerns like security is a source > > of truth for a holistic view of the entire model. > > A dedicated wiki space would allow for this view and facilitate the > > filing of Jiras that align with the big picture. > > > > On Thu, Jun 20, 2013 at 12:31 PM, Kevin Minder < > > kevin.min...@hortonworks.com > > > wrote: > > > > > Hi PMCs & Everyone, > > > > > > There are a number of significant, complex and overlapping efforts > > > underway to improve the Hadoop security model. Many involved are > > > struggling to form this into a cohesive whole across the numerous > > > Jiras > > and > > > within the traffic of common-dev. There has been a suggestion made > > > that having two additional pieces of infrastructure might help. > > > > > > 1) Establish a security-dev mailing list similar to hdfs-dev, > > > yarn-dev, mapreduce-dev, etc. that would help us have more focused > > > interaction on non-vulnerability security topics. I understand that > > > this might > > "devalue" > > > common-dev somewhat but the benefits might outweigh that. > > > > > > 2) Establish a corner of the wiki were cross cutting security design > > could > > > be worked out more collaboratively than a doc rev upload mechanism. > > > I > > fear > > > if we don't have this we will end up collaborating outside Apache > > > infrastructure which seems inappropriate. I understand the risk of > > losing > > > context in the individual Jiras but again my sense is that the > > cohesiveness > > > provided will outweigh the risk. > > > > > > I'm open to and interested in other suggestions for how others have > > solved > > > these types of cross cutting collaboration challenges. > > > > > > Thanks. > > > Kevin. > > > > > > > > > -- > Alejandro >
