potiuk opened a new pull request, #6535:
URL: https://github.com/apache/hive/pull/6535

This adds a **v0 security threat model + discoverability wiring** to `apache/hive`, produced by the ASF Security team for the Hive PMC to review and own — the pre-flight step for the Glasswing security scan the PMC opted into.

**What's here**

- **`THREAT_MODEL.md`** — a v0 model (Michael Scovetta rubric, run with Claude Opus) covering the **HiveServer2 SQL front door**, the **Metastore**, and the **UDF / SerDe / execution** layer: trust boundaries, in/out-of-scope adversaries, what Hive upholds vs. what it leaves to the operator (TLS, authorization-model choice, network isolation, UDF vetting), known non-findings, and triage dispositions. Every non-trivial claim is provenance-tagged `(documented)` / `(maintainer)` / `(inferred)`; the `(inferred)` ones are our hypotheses.
- **`SECURITY.md`** — private reporting via `[email protected]` + a pointer to the model.
- **`AGENTS.md`** — wires `AGENTS.md → SECURITY.md → THREAT_MODEL.md` so the scan agent (and researchers) can mechanically find the model.

**How to engage** — this is a draft to *react to*, not a finished artifact. `THREAT_MODEL.md` §14 collects open questions in waves; answer inline a few at a time, correct anything wrong, and the model becomes the PMC's. Once you're happy, we queue the scan in OSS-criticality order. No deadline pressure with the Mythos 5 window being extended.

Generated-by: Claude Opus 4.8 (1M context)

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
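The PR description above lays out two conventions a reviewer would want to verify mechanically: the `AGENTS.md → SECURITY.md → THREAT_MODEL.md` link chain that makes the model discoverable, and the per-claim provenance tags `(documented)` / `(maintainer)` / `(inferred)`, where the `(inferred)` claims are the hypotheses the PMC is asked to confirm or correct. The script below is an added example, not code from the PR or from the Hive project; it checks both conventions over constructed stand-in file contents (the real files are in the PR and are not reproduced here), and its claim format (one bullet per claim, tag at end of line) is an assumption about how such a model is laid out.

```python
"""Added example (not part of apache/hive or the PR): a checker for the
discoverability chain and provenance-tag conventions described in the PR.
File contents below are constructed stand-ins, not the real PR files."""
import re
from collections import Counter

# Constructed sample "repository": path -> file text.
REPO = {
    "AGENTS.md": "# Agents\n\nSecurity policy: see [SECURITY.md](SECURITY.md).\n",
    "SECURITY.md": "# Security\n\nReport privately to the ASF security team.\n"
                   "Threat model: [THREAT_MODEL.md](THREAT_MODEL.md)\n",
    "THREAT_MODEL.md": (
        "# Threat model (v0)\n\n"
        "- HiveServer2 terminates client connections; TLS is operator-configured (documented)\n"
        "- Metastore trusts authenticated HiveServer2 callers (maintainer)\n"
        "- Custom UDF jars execute inside the query execution process (inferred)\n"
        "- SerDe parsing of untrusted input is a trust boundary (inferred)\n"
        "- Placeholder bullet with no claim\n"
    ),
}

# Markdown inline link target: [text](target)
LINK_RE = re.compile(r"\[[^\]]*\]\(([^)\s]+)\)")
# Provenance tag at the end of a claim line (assumed layout).
TAG_RE = re.compile(r"\((documented|maintainer|inferred)\)\s*$")
EXPECTED_CHAIN = ["AGENTS.md", "SECURITY.md", "THREAT_MODEL.md"]


def follow_chain(repo, chain=EXPECTED_CHAIN):
    """Walk the expected chain file by file; each file must link to the next.
    Returns (ok, files_reached) so a break is reported at the file where it occurs."""
    visited = [chain[0]]
    for current, nxt in zip(chain, chain[1:]):
        text = repo.get(current)
        if text is None or nxt not in LINK_RE.findall(text):
            return False, visited
        visited.append(nxt)
    return True, visited


def tally_claims(text):
    """Count provenance tags on bullet claims.
    Returns (Counter by tag, untagged claims, inferred claims to confirm)."""
    counts = Counter()
    untagged = []
    inferred = []
    for line in text.splitlines():
        if not line.startswith("- "):
            continue
        claim = line[2:]
        m = TAG_RE.search(claim)
        if not m:
            untagged.append(claim)          # violates "every non-trivial claim is tagged"
            continue
        counts[m.group(1)] += 1
        if m.group(1) == "inferred":
            inferred.append(TAG_RE.sub("", claim).strip())
    return counts, untagged, inferred


if __name__ == "__main__":
    ok, path = follow_chain(REPO)
    print("discoverability chain:", " -> ".join(path), "OK" if ok else "BROKEN")
    counts, untagged, inferred = tally_claims(REPO["THREAT_MODEL.md"])
    print("provenance:", dict(counts))
    print("untagged claims:", untagged)
    print("hypotheses for the PMC to confirm:", *inferred, sep="\n  ")
```

Run against the real tree, `REPO` would be replaced by reading the three files from the checkout; the chain check fails at the first file that does not link onward, which is the failure mode that would leave a scan agent unable to find the model.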
