The HTTP Source does not have any config parameter in the user guide. Only for the Avro Source, is there configuration mentioned in the user guide (though for now, it is possible to use SSLv3, but we can disable that in a future release - right now we provide the option, so I guess that would be enough). So I guess we are ok?
Thanks, Hari On Mon, Nov 10, 2014 at 2:51 PM, Roshan Naik <ros...@hortonworks.com> wrote: > Looks like most major companies/products are moving away from SSLv2 & 3 > very quickly. I am ok with disabling it completely and allowing user to add > more protocols to disable list. Not a security expert & not sure how much > of a backward compat issue this implies. > I am fine with supporting the hard coded ban on the protocols in Avro > source with additional ban as per user config. Also fine with adding the > same behavior later to a later release. i think its good to keep the same > strategy for both Avro and HTTPS. > If the intent is to add the configurable option to HTTPS in a later > release, then please drop the setting from the doc too. We can track the > pending work for HTTPS on another jira. > -roshan > On Mon, Nov 10, 2014 at 11:15 AM, Hari Shreedharan < > hshreedha...@cloudera.com> wrote: >> Roshan, >> >> >> >> >> The Avro Source does make it configurable - >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob;f=flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java;h=59ee43a8e1b758ca3d98ba572a885ee2f01b7bed;hb=HEAD#l185 >> >> >> >> >> >> But the HTTPSource disables it completely (it is not a configurable >> option). >> >> >> >> >> Should we remove the option from the Avro Source (or add these two to the >> list of excluded protocols?). I believe it is best to not allow the >> protocols to be used at all, so it must be included anyway - any additional >> ones should just be added to these. I think we can add the configurable >> option for HTTP Source in a later release. >> >> >> Thanks, >> Hari >> >> On Sun, Nov 9, 2014 at 8:47 PM, Arvind Prabhakar <arv...@apache.org> >> wrote: >> >> > +1 >> > * Verified signatures >> > * Verified checksums >> > * Verified the tag (minor issues noted below - would be good to address >> if >> > there is RC2) >> > * Builds correctly >> > * All tests run with default profile and avro version set to 1.7.5 (to >> > avoid an issue with snappy on Mac OS) >> > Nits: >> > * The tag and sources match except that the src tarball contains the iml >> > files and does not contain the dev-support directory. Since both the iml >> > files and dev-support files are not related to product functionality, it >> is >> > OK for the tarball to not include them. However, if there is a respin it >> > would be good to address that. >> > * It is time we updated the avro version in the system to a newer >> release, >> > which among other things will allow people to build on Mac OS without >> > running into the JDK7+Snappy 1.0.4 problem where tests because native >> > library does not load. >> > Regards, >> > Arvind >> > On Thu, Nov 6, 2014 at 3:17 PM, Hari Shreedharan < >> hshreedha...@cloudera.com> >> > wrote: >> >> This is the seventh release for Apache Flume as a top-level project, >> >> version 1.5.1. We are voting on release candidate RC1. >> >> >> >> It fixes the following issues: >> >> >> >> >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> >> >> >> *** Please cast your vote within the next 72 hours *** >> >> >> >> The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, *.sha1) >> >> for the source and binary artifacts can be found here: >> >> https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ >> >> >> >> Maven staging repo: >> >> >> https://repository.apache.org/content/repositories/orgapacheflume-1006/ >> >> >> >> The tag to be voted on: >> >> >> >> >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> >> >> >> Flume's KEYS file containing PGP keys we use to sign the release: >> >> http://www.apache.org/dist/flume/KEYS >> >> >> >> Thanks, >> >> Hari >> > -- > CONFIDENTIALITY NOTICE > NOTICE: This message is intended for the use of the individual or entity to > which it is addressed and may contain information that is confidential, > privileged and exempt from disclosure under applicable law. If the reader > of this message is not the intended recipient, you are hereby notified that > any printing, copying, dissemination, distribution, disclosure or > forwarding of this communication is strictly prohibited. If you have > received this communication in error, please contact the sender immediately > and delete it from your system. Thank You.
