Correct me if I am wrong, this seems to be a bug with a workaround but not an exploitable security hole? If this is not a security hole, and the workaround is realistic, then we should go ahead with the current RC IMO.

-roshan

On Tuesday, January 29, 2019, 10:26:53 AM PST, Kishorkumar Patil <kishorvpa...@apache.org> wrote:

Aaron,

Thank you for the patch and for suggesting the workaround in the meantime. The PR for STORM-3317 is merged into master now. Considering the workaround exists for STORM-3317, I am open to either going ahead with the current RC or creating a new one.

Thanks,
Kishor

On Tue, Jan 29, 2019 at 11:19 AM Aaron Gresch <agre...@gmail.com> wrote:

> The workaround for STORM-3317 is to force your
> java.security.auth.login.config file on the launcher box to remain in the
> same location as where it is hosted on the supervisors.
>
> On Mon, Jan 28, 2019 at 10:10 AM Aaron Gresch <agre...@gmail.com> wrote:
>
> > Not sure if it affects the release, but STORM-3317 is a new bug in 2.0
> > where if your launcher box has the java.security.auth.login.config file in
> > a different location than the supervisors, uploading credentials will not
> > work.
> >
> > A PR is available that fixes the issue.
> >
> > On Tue, Jan 8, 2019 at 1:03 PM P. Taylor Goetz <ptgo...@gmail.com> wrote:
> >
> >> This is a call to vote on releasing Apache Storm 2.0.0 (rc4)
> >>
> >> Full list of changes in this release:
> >>
> >> https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.0.0-rc4/RELEASE_NOTES.html
> >>
> >> The tag/commit to be voted upon is v2.0.0:
> >>
> >> https://git-wip-us.apache.org/repos/asf?p=storm.git;a=tree;h=1eece73e8c9ed7f41d2f20f727bc7f644c499360;hb=ddee8decac57d1a4a0aa23cc76066609a2abc8d2
> >>
> >> The source archive being voted upon can be found here:
> >>
> >> https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.0.0-rc4/apache-storm-2.0.0-src.tar.gz
> >>
> >> Other release files, signatures and digests can be found here:
> >>
> >> https://dist.apache.org/repos/dist/dev/storm/apache-storm-2.0.0-rc4/
> >>
> >> The release artifacts are signed with the following key:
> >>
> >> https://git-wip-us.apache.org/repos/asf?p=storm.git;a=blob_plain;f=KEYS;hb=22b832708295fa2c15c4f3c70ac0d2bc6fded4bd
> >>
> >> The Nexus staging repository for this release is:
> >>
> >> https://repository.apache.org/content/repositories/orgapachestorm-1073
> >>
> >> Please vote on releasing this package as Apache Storm 2.0.0.
> >>
> >> When voting, please list the actions taken to verify the release.
> >>
> >> This vote will be open for at least 72 hours.
> >>
> >> [ ] +1 Release this package as Apache Storm 2.0.0
> >> [ ] 0 No opinion
> >> [ ] -1 Do not release this package because...
> >>
> >> Thanks to everyone who contributed to this release.
> >>
> >> -Taylor