Dan Burkert has posted comments on this change. Change subject: [security] make Kudu CA issue certs valid for 10 years ......................................................................
Patch Set 1: (2 comments) http://gerrit.cloudera.org:8080/#/c/5984/1/src/kudu/master/master_cert_authority.cc File src/kudu/master/master_cert_authority.cc: Line 47: DECLARE_int64(ca_server_cert_exp_seconds); Could we come up with a consistent naming scheme for these internal PKI flags? I'm not crazy about the 'master_ca' prefix on the existing ones, but at least they are consistent. I wouldn't be opposed to the 'ipki' prefix meaning 'internal PKI'. http://gerrit.cloudera.org:8080/#/c/5984/1/src/kudu/security/ca/cert_management.cc File src/kudu/security/ca/cert_management.cc: Line 46: DEFINE_int64(ca_root_ca_cert_exp_seconds, 10 * 365 * 24 * 60 * 60, I think it would be more appropriate to define these in master-cert-authority. The flags are specific to the internal PKI CA, and shouldn't show up in, e.g. the `kudu` or `kudu-tserver` binaries. -- To view, visit http://gerrit.cloudera.org:8080/5984 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I4a470b59be54726818abc462e51329846fd7b015 Gerrit-PatchSet: 1 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-HasComments: Yes
