Re: [VOTE] Release Apache Flume 1.5.1 RC1
Thanks Hari for all the work. -roshan On Mon, Nov 10, 2014 at 10:55 PM, Hari Shreedharan < hshreedha...@cloudera.com> wrote: > This vote is now closed. > > > > > This vote has passed with 4 +1 binding votes: > > - Arvind Prabhakar > > - Roshan Naik > > - Hari Shreedharan > > - Jarcec > > > > > Non-binding +1 votes: > > - Ashish Paliwal > > > > > No +0 or -1 votes were received. > > > > > As a result, this RC has passed and will be promoted to the Apache Flume > 1.5.1 release. I will send out an email announcing the release soon! > > > > > > Thanks, > Hari > > On Mon, Nov 10, 2014 at 9:33 PM, Jarek Jarcec Cecho > wrote: > > > +1 > > * Verified checksums and signature files > > * Verified that each jar in binary tarball is in the license > > * Checked top level files (NOTICE, ...) > > * Run tests > > Jarcec > >> On Nov 6, 2014, at 3:17 PM, Hari Shreedharan > wrote: > >> > >> This is the seventh release for Apache Flume as a top-level project, > >> version 1.5.1. We are voting on release candidate RC1. > >> > >> It fixes the following issues: > >> > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 > >> > >> *** Please cast your vote within the next 72 hours *** > >> > >> The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, *.sha1) > >> for the source and binary artifacts can be found here: > >> https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ > >> > >> Maven staging repo: > >> > https://repository.apache.org/content/repositories/orgapacheflume-1006/ > >> > >> The tag to be voted on: > >> > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 > >> > >> Flume's KEYS file containing PGP keys we use to sign the release: > >> http://www.apache.org/dist/flume/KEYS > >> > >> Thanks, > >> Hari > -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
Re: [VOTE] Release Apache Flume 1.5.1 RC1
This vote is now closed. This vote has passed with 4 +1 binding votes: - Arvind Prabhakar - Roshan Naik - Hari Shreedharan - Jarcec Non-binding +1 votes: - Ashish Paliwal No +0 or -1 votes were received. As a result, this RC has passed and will be promoted to the Apache Flume 1.5.1 release. I will send out an email announcing the release soon! Thanks, Hari On Mon, Nov 10, 2014 at 9:33 PM, Jarek Jarcec Cecho wrote: > +1 > * Verified checksums and signature files > * Verified that each jar in binary tarball is in the license > * Checked top level files (NOTICE, ...) > * Run tests > Jarcec >> On Nov 6, 2014, at 3:17 PM, Hari Shreedharan >> wrote: >> >> This is the seventh release for Apache Flume as a top-level project, >> version 1.5.1. We are voting on release candidate RC1. >> >> It fixes the following issues: >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> >> *** Please cast your vote within the next 72 hours *** >> >> The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, *.sha1) >> for the source and binary artifacts can be found here: >> https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ >> >> Maven staging repo: >> https://repository.apache.org/content/repositories/orgapacheflume-1006/ >> >> The tag to be voted on: >> >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> >> Flume's KEYS file containing PGP keys we use to sign the release: >> http://www.apache.org/dist/flume/KEYS >> >> Thanks, >> Hari
Re: [VOTE] Release Apache Flume 1.5.1 RC1
+1 * Verified checksums and signature files * Verified that each jar in binary tarball is in the license * Checked top level files (NOTICE, ...) * Run tests Jarcec > On Nov 6, 2014, at 3:17 PM, Hari Shreedharan > wrote: > > This is the seventh release for Apache Flume as a top-level project, > version 1.5.1. We are voting on release candidate RC1. > > It fixes the following issues: > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 > > *** Please cast your vote within the next 72 hours *** > > The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, *.sha1) > for the source and binary artifacts can be found here: > https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ > > Maven staging repo: > https://repository.apache.org/content/repositories/orgapacheflume-1006/ > > The tag to be voted on: > > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 > > Flume's KEYS file containing PGP keys we use to sign the release: > http://www.apache.org/dist/flume/KEYS > > Thanks, > Hari
Re: [VOTE] Release Apache Flume 1.5.1 RC1
My vote: +1. * Verified checksums * Verified signatures * Checked NOTICE, CHANGELOG, README, RELEASE-NOTES etc. Thanks, Hari On Mon, Nov 10, 2014 at 6:18 PM, Roshan Naik wrote: > Wouldnt we want to document in the http source section that SSL is being > blocked ? > -roshan > On Mon, Nov 10, 2014 at 2:56 PM, Hari Shreedharan > wrote: >> The HTTP Source does not have any config parameter in the user guide. Only >> for the Avro Source, is there configuration mentioned in the user guide >> (though for now, it is possible to use SSLv3, but we can disable that in a >> future release - right now we provide the option, so I guess that would be >> enough). So I guess we are ok? >> >> >> Thanks, >> Hari >> >> On Mon, Nov 10, 2014 at 2:51 PM, Roshan Naik >> wrote: >> >> > Looks like most major companies/products are moving away from SSLv2 & 3 >> > very quickly. I am ok with disabling it completely and allowing user to >> add >> > more protocols to disable list. Not a security expert & not sure how much >> > of a backward compat issue this implies. >> > I am fine with supporting the hard coded ban on the protocols in Avro >> > source with additional ban as per user config. Also fine with adding the >> > same behavior later to a later release. i think its good to keep the same >> > strategy for both Avro and HTTPS. >> > If the intent is to add the configurable option to HTTPS in a later >> > release, then please drop the setting from the doc too. We can track the >> > pending work for HTTPS on another jira. >> > -roshan >> > On Mon, Nov 10, 2014 at 11:15 AM, Hari Shreedharan < >> > hshreedha...@cloudera.com> wrote: >> >> Roshan, >> >> >> >> >> >> >> >> >> >> The Avro Source does make it configurable - >> >> >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob;f=flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java;h=59ee43a8e1b758ca3d98ba572a885ee2f01b7bed;hb=HEAD#l185 >> >> >> >> >> >> >> >> >> >> >> >> But the HTTPSource disables it completely (it is not a configurable >> >> option). >> >> >> >> >> >> >> >> >> >> Should we remove the option from the Avro Source (or add these two to >> the >> >> list of excluded protocols?). I believe it is best to not allow the >> >> protocols to be used at all, so it must be included anyway - any >> additional >> >> ones should just be added to these. I think we can add the configurable >> >> option for HTTP Source in a later release. >> >> >> >> >> >> Thanks, >> >> Hari >> >> >> >> On Sun, Nov 9, 2014 at 8:47 PM, Arvind Prabhakar >> >> wrote: >> >> >> >> > +1 >> >> > * Verified signatures >> >> > * Verified checksums >> >> > * Verified the tag (minor issues noted below - would be good to >> address >> >> if >> >> > there is RC2) >> >> > * Builds correctly >> >> > * All tests run with default profile and avro version set to 1.7.5 (to >> >> > avoid an issue with snappy on Mac OS) >> >> > Nits: >> >> > * The tag and sources match except that the src tarball contains the >> iml >> >> > files and does not contain the dev-support directory. Since both the >> iml >> >> > files and dev-support files are not related to product functionality, >> it >> >> is >> >> > OK for the tarball to not include them. However, if there is a respin >> it >> >> > would be good to address that. >> >> > * It is time we updated the avro version in the system to a newer >> >> release, >> >> > which among other things will allow people to build on Mac OS without >> >> > running into the JDK7+Snappy 1.0.4 problem where tests because native >> >> > library does not load. >> >> > Regards, >> >> > Arvind >> >> > On Thu, Nov 6, 2014 at 3:17 PM, Hari Shreedharan < >> >> hshreedha...@cloudera.com> >> >> > wrote: >> >> >> This is the seventh release for Apache Flume as a top-level project, >> >> >> version 1.5.1. We are voting on release candidate RC1. >> >> >> >> >> >> It fixes the following issues: >> >> >> >> >> >> >> >> >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> >> >> >> >> >> *** Please cast your vote within the next 72 hours *** >> >> >> >> >> >> The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, >> *.sha1) >> >> >> for the source and binary artifacts can be found here: >> >> >> https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ >> >> >> >> >> >> Maven staging repo: >> >> >> >> >> https://repository.apache.org/content/repositories/orgapacheflume-1006/ >> >> >> >> >> >> The tag to be voted on: >> >> >> >> >> >> >> >> >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> >> >> >> >> >> Flume's KEYS file containing PGP keys we use to sign the release: >> >> >> http://www.apache.org/dist/flume/KEYS >> >> >> >> >> >> Thanks, >> >> >> Hari >> >> >> > -- >> > CONFIDENTIALITY NOTICE >> > NOTICE: This message is intended for the use of the individual or entity >> to >> > which it is addressed and may contain inform
Re: [VOTE] Release Apache Flume 1.5.1 RC1
I will update the documentation before I post it to the website — that should be good. Thanks, Hari On Mon, Nov 10, 2014 at 6:18 PM, Roshan Naik wrote: > Wouldnt we want to document in the http source section that SSL is being > blocked ? > -roshan > On Mon, Nov 10, 2014 at 2:56 PM, Hari Shreedharan > wrote: >> The HTTP Source does not have any config parameter in the user guide. Only >> for the Avro Source, is there configuration mentioned in the user guide >> (though for now, it is possible to use SSLv3, but we can disable that in a >> future release - right now we provide the option, so I guess that would be >> enough). So I guess we are ok? >> >> >> Thanks, >> Hari >> >> On Mon, Nov 10, 2014 at 2:51 PM, Roshan Naik >> wrote: >> >> > Looks like most major companies/products are moving away from SSLv2 & 3 >> > very quickly. I am ok with disabling it completely and allowing user to >> add >> > more protocols to disable list. Not a security expert & not sure how much >> > of a backward compat issue this implies. >> > I am fine with supporting the hard coded ban on the protocols in Avro >> > source with additional ban as per user config. Also fine with adding the >> > same behavior later to a later release. i think its good to keep the same >> > strategy for both Avro and HTTPS. >> > If the intent is to add the configurable option to HTTPS in a later >> > release, then please drop the setting from the doc too. We can track the >> > pending work for HTTPS on another jira. >> > -roshan >> > On Mon, Nov 10, 2014 at 11:15 AM, Hari Shreedharan < >> > hshreedha...@cloudera.com> wrote: >> >> Roshan, >> >> >> >> >> >> >> >> >> >> The Avro Source does make it configurable - >> >> >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob;f=flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java;h=59ee43a8e1b758ca3d98ba572a885ee2f01b7bed;hb=HEAD#l185 >> >> >> >> >> >> >> >> >> >> >> >> But the HTTPSource disables it completely (it is not a configurable >> >> option). >> >> >> >> >> >> >> >> >> >> Should we remove the option from the Avro Source (or add these two to >> the >> >> list of excluded protocols?). I believe it is best to not allow the >> >> protocols to be used at all, so it must be included anyway - any >> additional >> >> ones should just be added to these. I think we can add the configurable >> >> option for HTTP Source in a later release. >> >> >> >> >> >> Thanks, >> >> Hari >> >> >> >> On Sun, Nov 9, 2014 at 8:47 PM, Arvind Prabhakar >> >> wrote: >> >> >> >> > +1 >> >> > * Verified signatures >> >> > * Verified checksums >> >> > * Verified the tag (minor issues noted below - would be good to >> address >> >> if >> >> > there is RC2) >> >> > * Builds correctly >> >> > * All tests run with default profile and avro version set to 1.7.5 (to >> >> > avoid an issue with snappy on Mac OS) >> >> > Nits: >> >> > * The tag and sources match except that the src tarball contains the >> iml >> >> > files and does not contain the dev-support directory. Since both the >> iml >> >> > files and dev-support files are not related to product functionality, >> it >> >> is >> >> > OK for the tarball to not include them. However, if there is a respin >> it >> >> > would be good to address that. >> >> > * It is time we updated the avro version in the system to a newer >> >> release, >> >> > which among other things will allow people to build on Mac OS without >> >> > running into the JDK7+Snappy 1.0.4 problem where tests because native >> >> > library does not load. >> >> > Regards, >> >> > Arvind >> >> > On Thu, Nov 6, 2014 at 3:17 PM, Hari Shreedharan < >> >> hshreedha...@cloudera.com> >> >> > wrote: >> >> >> This is the seventh release for Apache Flume as a top-level project, >> >> >> version 1.5.1. We are voting on release candidate RC1. >> >> >> >> >> >> It fixes the following issues: >> >> >> >> >> >> >> >> >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> >> >> >> >> >> *** Please cast your vote within the next 72 hours *** >> >> >> >> >> >> The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, >> *.sha1) >> >> >> for the source and binary artifacts can be found here: >> >> >> https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ >> >> >> >> >> >> Maven staging repo: >> >> >> >> >> https://repository.apache.org/content/repositories/orgapacheflume-1006/ >> >> >> >> >> >> The tag to be voted on: >> >> >> >> >> >> >> >> >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> >> >> >> >> >> Flume's KEYS file containing PGP keys we use to sign the release: >> >> >> http://www.apache.org/dist/flume/KEYS >> >> >> >> >> >> Thanks, >> >> >> Hari >> >> >> > -- >> > CONFIDENTIALITY NOTICE >> > NOTICE: This message is intended for the use of the individual or entity >> to >> > which it is addressed and may contain information that is confidential, >> > pr
Re: [VOTE] Release Apache Flume 1.5.1 RC1
Wouldnt we want to document in the http source section that SSL is being blocked ? -roshan On Mon, Nov 10, 2014 at 2:56 PM, Hari Shreedharan wrote: > The HTTP Source does not have any config parameter in the user guide. Only > for the Avro Source, is there configuration mentioned in the user guide > (though for now, it is possible to use SSLv3, but we can disable that in a > future release - right now we provide the option, so I guess that would be > enough). So I guess we are ok? > > > Thanks, > Hari > > On Mon, Nov 10, 2014 at 2:51 PM, Roshan Naik > wrote: > > > Looks like most major companies/products are moving away from SSLv2 & 3 > > very quickly. I am ok with disabling it completely and allowing user to > add > > more protocols to disable list. Not a security expert & not sure how much > > of a backward compat issue this implies. > > I am fine with supporting the hard coded ban on the protocols in Avro > > source with additional ban as per user config. Also fine with adding the > > same behavior later to a later release. i think its good to keep the same > > strategy for both Avro and HTTPS. > > If the intent is to add the configurable option to HTTPS in a later > > release, then please drop the setting from the doc too. We can track the > > pending work for HTTPS on another jira. > > -roshan > > On Mon, Nov 10, 2014 at 11:15 AM, Hari Shreedharan < > > hshreedha...@cloudera.com> wrote: > >> Roshan, > >> > >> > >> > >> > >> The Avro Source does make it configurable - > >> > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob;f=flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java;h=59ee43a8e1b758ca3d98ba572a885ee2f01b7bed;hb=HEAD#l185 > >> > >> > >> > >> > >> > >> But the HTTPSource disables it completely (it is not a configurable > >> option). > >> > >> > >> > >> > >> Should we remove the option from the Avro Source (or add these two to > the > >> list of excluded protocols?). I believe it is best to not allow the > >> protocols to be used at all, so it must be included anyway - any > additional > >> ones should just be added to these. I think we can add the configurable > >> option for HTTP Source in a later release. > >> > >> > >> Thanks, > >> Hari > >> > >> On Sun, Nov 9, 2014 at 8:47 PM, Arvind Prabhakar > >> wrote: > >> > >> > +1 > >> > * Verified signatures > >> > * Verified checksums > >> > * Verified the tag (minor issues noted below - would be good to > address > >> if > >> > there is RC2) > >> > * Builds correctly > >> > * All tests run with default profile and avro version set to 1.7.5 (to > >> > avoid an issue with snappy on Mac OS) > >> > Nits: > >> > * The tag and sources match except that the src tarball contains the > iml > >> > files and does not contain the dev-support directory. Since both the > iml > >> > files and dev-support files are not related to product functionality, > it > >> is > >> > OK for the tarball to not include them. However, if there is a respin > it > >> > would be good to address that. > >> > * It is time we updated the avro version in the system to a newer > >> release, > >> > which among other things will allow people to build on Mac OS without > >> > running into the JDK7+Snappy 1.0.4 problem where tests because native > >> > library does not load. > >> > Regards, > >> > Arvind > >> > On Thu, Nov 6, 2014 at 3:17 PM, Hari Shreedharan < > >> hshreedha...@cloudera.com> > >> > wrote: > >> >> This is the seventh release for Apache Flume as a top-level project, > >> >> version 1.5.1. We are voting on release candidate RC1. > >> >> > >> >> It fixes the following issues: > >> >> > >> >> > >> > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 > >> >> > >> >> *** Please cast your vote within the next 72 hours *** > >> >> > >> >> The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, > *.sha1) > >> >> for the source and binary artifacts can be found here: > >> >> https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ > >> >> > >> >> Maven staging repo: > >> >> > >> https://repository.apache.org/content/repositories/orgapacheflume-1006/ > >> >> > >> >> The tag to be voted on: > >> >> > >> >> > >> > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 > >> >> > >> >> Flume's KEYS file containing PGP keys we use to sign the release: > >> >> http://www.apache.org/dist/flume/KEYS > >> >> > >> >> Thanks, > >> >> Hari > >> > > -- > > CONFIDENTIALITY NOTICE > > NOTICE: This message is intended for the use of the individual or entity > to > > which it is addressed and may contain information that is confidential, > > privileged and exempt from disclosure under applicable law. If the reader > > of this message is not the intended recipient, you are hereby notified > that > > any printing, copying, dissemination, distribution, disclosure or > > forwarding of this communication is strictly prohibited. If you have
Re: [VOTE] Release Apache Flume 1.5.1 RC1
The HTTP Source does not have any config parameter in the user guide. Only for the Avro Source, is there configuration mentioned in the user guide (though for now, it is possible to use SSLv3, but we can disable that in a future release - right now we provide the option, so I guess that would be enough). So I guess we are ok? Thanks, Hari On Mon, Nov 10, 2014 at 2:51 PM, Roshan Naik wrote: > Looks like most major companies/products are moving away from SSLv2 & 3 > very quickly. I am ok with disabling it completely and allowing user to add > more protocols to disable list. Not a security expert & not sure how much > of a backward compat issue this implies. > I am fine with supporting the hard coded ban on the protocols in Avro > source with additional ban as per user config. Also fine with adding the > same behavior later to a later release. i think its good to keep the same > strategy for both Avro and HTTPS. > If the intent is to add the configurable option to HTTPS in a later > release, then please drop the setting from the doc too. We can track the > pending work for HTTPS on another jira. > -roshan > On Mon, Nov 10, 2014 at 11:15 AM, Hari Shreedharan < > hshreedha...@cloudera.com> wrote: >> Roshan, >> >> >> >> >> The Avro Source does make it configurable - >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob;f=flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java;h=59ee43a8e1b758ca3d98ba572a885ee2f01b7bed;hb=HEAD#l185 >> >> >> >> >> >> But the HTTPSource disables it completely (it is not a configurable >> option). >> >> >> >> >> Should we remove the option from the Avro Source (or add these two to the >> list of excluded protocols?). I believe it is best to not allow the >> protocols to be used at all, so it must be included anyway - any additional >> ones should just be added to these. I think we can add the configurable >> option for HTTP Source in a later release. >> >> >> Thanks, >> Hari >> >> On Sun, Nov 9, 2014 at 8:47 PM, Arvind Prabhakar >> wrote: >> >> > +1 >> > * Verified signatures >> > * Verified checksums >> > * Verified the tag (minor issues noted below - would be good to address >> if >> > there is RC2) >> > * Builds correctly >> > * All tests run with default profile and avro version set to 1.7.5 (to >> > avoid an issue with snappy on Mac OS) >> > Nits: >> > * The tag and sources match except that the src tarball contains the iml >> > files and does not contain the dev-support directory. Since both the iml >> > files and dev-support files are not related to product functionality, it >> is >> > OK for the tarball to not include them. However, if there is a respin it >> > would be good to address that. >> > * It is time we updated the avro version in the system to a newer >> release, >> > which among other things will allow people to build on Mac OS without >> > running into the JDK7+Snappy 1.0.4 problem where tests because native >> > library does not load. >> > Regards, >> > Arvind >> > On Thu, Nov 6, 2014 at 3:17 PM, Hari Shreedharan < >> hshreedha...@cloudera.com> >> > wrote: >> >> This is the seventh release for Apache Flume as a top-level project, >> >> version 1.5.1. We are voting on release candidate RC1. >> >> >> >> It fixes the following issues: >> >> >> >> >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> >> >> >> *** Please cast your vote within the next 72 hours *** >> >> >> >> The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, *.sha1) >> >> for the source and binary artifacts can be found here: >> >> https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ >> >> >> >> Maven staging repo: >> >> >> https://repository.apache.org/content/repositories/orgapacheflume-1006/ >> >> >> >> The tag to be voted on: >> >> >> >> >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> >> >> >> Flume's KEYS file containing PGP keys we use to sign the release: >> >> http://www.apache.org/dist/flume/KEYS >> >> >> >> Thanks, >> >> Hari >> > -- > CONFIDENTIALITY NOTICE > NOTICE: This message is intended for the use of the individual or entity to > which it is addressed and may contain information that is confidential, > privileged and exempt from disclosure under applicable law. If the reader > of this message is not the intended recipient, you are hereby notified that > any printing, copying, dissemination, distribution, disclosure or > forwarding of this communication is strictly prohibited. If you have > received this communication in error, please contact the sender immediately > and delete it from your system. Thank You.
Re: [VOTE] Release Apache Flume 1.5.1 RC1
That sounds good to me. Thanks for working on this release Hari. Regards, Arvind Prabhakar On Mon, Nov 10, 2014 at 11:10 AM, Hari Shreedharan < hshreedha...@cloudera.com> wrote: > It does not look like we ever actually included the dev-support directory > in the source tarball (I checked 1.3.1,1.4.0 and 1.5.0.1). If we need a > re-spin for another reason, I will try to fix the release process to pull > this in and remove the iml files. > > > > > Arvind - does that sound good to you? Otherwise I will spin another RC. > > > Thanks, > Hari > > On Sun, Nov 9, 2014 at 8:47 PM, Arvind Prabhakar > wrote: > > > +1 > > * Verified signatures > > * Verified checksums > > * Verified the tag (minor issues noted below - would be good to address > if > > there is RC2) > > * Builds correctly > > * All tests run with default profile and avro version set to 1.7.5 (to > > avoid an issue with snappy on Mac OS) > > Nits: > > * The tag and sources match except that the src tarball contains the iml > > files and does not contain the dev-support directory. Since both the iml > > files and dev-support files are not related to product functionality, it > is > > OK for the tarball to not include them. However, if there is a respin it > > would be good to address that. > > * It is time we updated the avro version in the system to a newer > release, > > which among other things will allow people to build on Mac OS without > > running into the JDK7+Snappy 1.0.4 problem where tests because native > > library does not load. > > Regards, > > Arvind > > On Thu, Nov 6, 2014 at 3:17 PM, Hari Shreedharan < > hshreedha...@cloudera.com> > > wrote: > >> This is the seventh release for Apache Flume as a top-level project, > >> version 1.5.1. We are voting on release candidate RC1. > >> > >> It fixes the following issues: > >> > >> > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 > >> > >> *** Please cast your vote within the next 72 hours *** > >> > >> The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, *.sha1) > >> for the source and binary artifacts can be found here: > >> https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ > >> > >> Maven staging repo: > >> > https://repository.apache.org/content/repositories/orgapacheflume-1006/ > >> > >> The tag to be voted on: > >> > >> > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 > >> > >> Flume's KEYS file containing PGP keys we use to sign the release: > >> http://www.apache.org/dist/flume/KEYS > >> > >> Thanks, > >> Hari >
Re: [VOTE] Release Apache Flume 1.5.1 RC1
Looks like most major companies/products are moving away from SSLv2 & 3 very quickly. I am ok with disabling it completely and allowing user to add more protocols to disable list. Not a security expert & not sure how much of a backward compat issue this implies. I am fine with supporting the hard coded ban on the protocols in Avro source with additional ban as per user config. Also fine with adding the same behavior later to a later release. i think its good to keep the same strategy for both Avro and HTTPS. If the intent is to add the configurable option to HTTPS in a later release, then please drop the setting from the doc too. We can track the pending work for HTTPS on another jira. -roshan On Mon, Nov 10, 2014 at 11:15 AM, Hari Shreedharan < hshreedha...@cloudera.com> wrote: > Roshan, > > > > > The Avro Source does make it configurable - > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob;f=flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java;h=59ee43a8e1b758ca3d98ba572a885ee2f01b7bed;hb=HEAD#l185 > > > > > > But the HTTPSource disables it completely (it is not a configurable > option). > > > > > Should we remove the option from the Avro Source (or add these two to the > list of excluded protocols?). I believe it is best to not allow the > protocols to be used at all, so it must be included anyway - any additional > ones should just be added to these. I think we can add the configurable > option for HTTP Source in a later release. > > > Thanks, > Hari > > On Sun, Nov 9, 2014 at 8:47 PM, Arvind Prabhakar > wrote: > > > +1 > > * Verified signatures > > * Verified checksums > > * Verified the tag (minor issues noted below - would be good to address > if > > there is RC2) > > * Builds correctly > > * All tests run with default profile and avro version set to 1.7.5 (to > > avoid an issue with snappy on Mac OS) > > Nits: > > * The tag and sources match except that the src tarball contains the iml > > files and does not contain the dev-support directory. Since both the iml > > files and dev-support files are not related to product functionality, it > is > > OK for the tarball to not include them. However, if there is a respin it > > would be good to address that. > > * It is time we updated the avro version in the system to a newer > release, > > which among other things will allow people to build on Mac OS without > > running into the JDK7+Snappy 1.0.4 problem where tests because native > > library does not load. > > Regards, > > Arvind > > On Thu, Nov 6, 2014 at 3:17 PM, Hari Shreedharan < > hshreedha...@cloudera.com> > > wrote: > >> This is the seventh release for Apache Flume as a top-level project, > >> version 1.5.1. We are voting on release candidate RC1. > >> > >> It fixes the following issues: > >> > >> > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 > >> > >> *** Please cast your vote within the next 72 hours *** > >> > >> The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, *.sha1) > >> for the source and binary artifacts can be found here: > >> https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ > >> > >> Maven staging repo: > >> > https://repository.apache.org/content/repositories/orgapacheflume-1006/ > >> > >> The tag to be voted on: > >> > >> > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 > >> > >> Flume's KEYS file containing PGP keys we use to sign the release: > >> http://www.apache.org/dist/flume/KEYS > >> > >> Thanks, > >> Hari > -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
Re: [VOTE] Release Apache Flume 1.5.1 RC1
Roshan, The Avro Source does make it configurable - https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob;f=flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java;h=59ee43a8e1b758ca3d98ba572a885ee2f01b7bed;hb=HEAD#l185 But the HTTPSource disables it completely (it is not a configurable option). Should we remove the option from the Avro Source (or add these two to the list of excluded protocols?). I believe it is best to not allow the protocols to be used at all, so it must be included anyway - any additional ones should just be added to these. I think we can add the configurable option for HTTP Source in a later release. Thanks, Hari On Sun, Nov 9, 2014 at 8:47 PM, Arvind Prabhakar wrote: > +1 > * Verified signatures > * Verified checksums > * Verified the tag (minor issues noted below - would be good to address if > there is RC2) > * Builds correctly > * All tests run with default profile and avro version set to 1.7.5 (to > avoid an issue with snappy on Mac OS) > Nits: > * The tag and sources match except that the src tarball contains the iml > files and does not contain the dev-support directory. Since both the iml > files and dev-support files are not related to product functionality, it is > OK for the tarball to not include them. However, if there is a respin it > would be good to address that. > * It is time we updated the avro version in the system to a newer release, > which among other things will allow people to build on Mac OS without > running into the JDK7+Snappy 1.0.4 problem where tests because native > library does not load. > Regards, > Arvind > On Thu, Nov 6, 2014 at 3:17 PM, Hari Shreedharan > wrote: >> This is the seventh release for Apache Flume as a top-level project, >> version 1.5.1. We are voting on release candidate RC1. >> >> It fixes the following issues: >> >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> >> *** Please cast your vote within the next 72 hours *** >> >> The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, *.sha1) >> for the source and binary artifacts can be found here: >> https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ >> >> Maven staging repo: >> https://repository.apache.org/content/repositories/orgapacheflume-1006/ >> >> The tag to be voted on: >> >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> >> Flume's KEYS file containing PGP keys we use to sign the release: >> http://www.apache.org/dist/flume/KEYS >> >> Thanks, >> Hari
Re: [VOTE] Release Apache Flume 1.5.1 RC1
It does not look like we ever actually included the dev-support directory in the source tarball (I checked 1.3.1,1.4.0 and 1.5.0.1). If we need a re-spin for another reason, I will try to fix the release process to pull this in and remove the iml files. Arvind - does that sound good to you? Otherwise I will spin another RC. Thanks, Hari On Sun, Nov 9, 2014 at 8:47 PM, Arvind Prabhakar wrote: > +1 > * Verified signatures > * Verified checksums > * Verified the tag (minor issues noted below - would be good to address if > there is RC2) > * Builds correctly > * All tests run with default profile and avro version set to 1.7.5 (to > avoid an issue with snappy on Mac OS) > Nits: > * The tag and sources match except that the src tarball contains the iml > files and does not contain the dev-support directory. Since both the iml > files and dev-support files are not related to product functionality, it is > OK for the tarball to not include them. However, if there is a respin it > would be good to address that. > * It is time we updated the avro version in the system to a newer release, > which among other things will allow people to build on Mac OS without > running into the JDK7+Snappy 1.0.4 problem where tests because native > library does not load. > Regards, > Arvind > On Thu, Nov 6, 2014 at 3:17 PM, Hari Shreedharan > wrote: >> This is the seventh release for Apache Flume as a top-level project, >> version 1.5.1. We are voting on release candidate RC1. >> >> It fixes the following issues: >> >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> >> *** Please cast your vote within the next 72 hours *** >> >> The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, *.sha1) >> for the source and binary artifacts can be found here: >> https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ >> >> Maven staging repo: >> https://repository.apache.org/content/repositories/orgapacheflume-1006/ >> >> The tag to be voted on: >> >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> >> Flume's KEYS file containing PGP keys we use to sign the release: >> http://www.apache.org/dist/flume/KEYS >> >> Thanks, >> Hari
Re: [VOTE] Release Apache Flume 1.5.1 RC1
Seems to be done correctly in AvroSource though. have not tested it. Would be good to have a simple unit test for this setting. -roshan On Sun, Nov 9, 2014 at 11:07 PM, Roshan Naik wrote: > The documentation for the new "exclude-protocols" settings is states: > > > Default = SSLv2Hello SSLv3 > Description = Space-separated list of SSL/TLS protocols to exclude > > > Which seems to indicate that it is possible to override the defaults > protocols that are listed there. > However the implementation completely disables the SSLv2Hello & SSLv3 > no matter what. > AFAICT .. the exclude-protocols does not appear to be used anywhere in the > code at least for HTTPSource. > > -roshan > > > > > > On Sun, Nov 9, 2014 at 8:46 PM, Arvind Prabhakar > wrote: > >> +1 >> >> * Verified signatures >> * Verified checksums >> * Verified the tag (minor issues noted below - would be good to address if >> there is RC2) >> * Builds correctly >> * All tests run with default profile and avro version set to 1.7.5 (to >> avoid an issue with snappy on Mac OS) >> >> Nits: >> * The tag and sources match except that the src tarball contains the iml >> files and does not contain the dev-support directory. Since both the iml >> files and dev-support files are not related to product functionality, it >> is >> OK for the tarball to not include them. However, if there is a respin it >> would be good to address that. >> * It is time we updated the avro version in the system to a newer release, >> which among other things will allow people to build on Mac OS without >> running into the JDK7+Snappy 1.0.4 problem where tests because native >> library does not load. >> >> Regards, >> Arvind >> >> On Thu, Nov 6, 2014 at 3:17 PM, Hari Shreedharan < >> hshreedha...@cloudera.com> >> wrote: >> >> > This is the seventh release for Apache Flume as a top-level project, >> > version 1.5.1. We are voting on release candidate RC1. >> > >> > It fixes the following issues: >> > >> > >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> > >> > *** Please cast your vote within the next 72 hours *** >> > >> > The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, *.sha1) >> > for the source and binary artifacts can be found here: >> > https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ >> > >> > Maven staging repo: >> > >> https://repository.apache.org/content/repositories/orgapacheflume-1006/ >> > >> > The tag to be voted on: >> > >> > >> https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 >> > >> > Flume's KEYS file containing PGP keys we use to sign the release: >> > http://www.apache.org/dist/flume/KEYS >> > >> > Thanks, >> > Hari >> > > -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
Re: [VOTE] Release Apache Flume 1.5.1 RC1
The documentation for the new "exclude-protocols" settings is states: Default = SSLv2Hello SSLv3 Description = Space-separated list of SSL/TLS protocols to exclude Which seems to indicate that it is possible to override the defaults protocols that are listed there. However the implementation completely disables the SSLv2Hello & SSLv3 no matter what. AFAICT .. the exclude-protocols does not appear to be used anywhere in the code at least for HTTPSource. -roshan On Sun, Nov 9, 2014 at 8:46 PM, Arvind Prabhakar wrote: > +1 > > * Verified signatures > * Verified checksums > * Verified the tag (minor issues noted below - would be good to address if > there is RC2) > * Builds correctly > * All tests run with default profile and avro version set to 1.7.5 (to > avoid an issue with snappy on Mac OS) > > Nits: > * The tag and sources match except that the src tarball contains the iml > files and does not contain the dev-support directory. Since both the iml > files and dev-support files are not related to product functionality, it is > OK for the tarball to not include them. However, if there is a respin it > would be good to address that. > * It is time we updated the avro version in the system to a newer release, > which among other things will allow people to build on Mac OS without > running into the JDK7+Snappy 1.0.4 problem where tests because native > library does not load. > > Regards, > Arvind > > On Thu, Nov 6, 2014 at 3:17 PM, Hari Shreedharan < > hshreedha...@cloudera.com> > wrote: > > > This is the seventh release for Apache Flume as a top-level project, > > version 1.5.1. We are voting on release candidate RC1. > > > > It fixes the following issues: > > > > > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 > > > > *** Please cast your vote within the next 72 hours *** > > > > The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, *.sha1) > > for the source and binary artifacts can be found here: > > https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ > > > > Maven staging repo: > > > https://repository.apache.org/content/repositories/orgapacheflume-1006/ > > > > The tag to be voted on: > > > > > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 > > > > Flume's KEYS file containing PGP keys we use to sign the release: > > http://www.apache.org/dist/flume/KEYS > > > > Thanks, > > Hari > -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
Re: [VOTE] Release Apache Flume 1.5.1 RC1
+1 * Verified signatures * Verified checksums * Verified the tag (minor issues noted below - would be good to address if there is RC2) * Builds correctly * All tests run with default profile and avro version set to 1.7.5 (to avoid an issue with snappy on Mac OS) Nits: * The tag and sources match except that the src tarball contains the iml files and does not contain the dev-support directory. Since both the iml files and dev-support files are not related to product functionality, it is OK for the tarball to not include them. However, if there is a respin it would be good to address that. * It is time we updated the avro version in the system to a newer release, which among other things will allow people to build on Mac OS without running into the JDK7+Snappy 1.0.4 problem where tests because native library does not load. Regards, Arvind On Thu, Nov 6, 2014 at 3:17 PM, Hari Shreedharan wrote: > This is the seventh release for Apache Flume as a top-level project, > version 1.5.1. We are voting on release candidate RC1. > > It fixes the following issues: > > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 > > *** Please cast your vote within the next 72 hours *** > > The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, *.sha1) > for the source and binary artifacts can be found here: > https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ > > Maven staging repo: > https://repository.apache.org/content/repositories/orgapacheflume-1006/ > > The tag to be voted on: > > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 > > Flume's KEYS file containing PGP keys we use to sign the release: > http://www.apache.org/dist/flume/KEYS > > Thanks, > Hari
Re: [VOTE] Release Apache Flume 1.5.1 RC1
+1 The build works fine and all test cases pass. On Fri, Nov 7, 2014 at 4:47 AM, Hari Shreedharan wrote: > This is the seventh release for Apache Flume as a top-level project, > version 1.5.1. We are voting on release candidate RC1. > > It fixes the following issues: > > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=blob_plain;f=CHANGELOG;hb=c74804226bcee59823c0cbc09cdf803a3d9e6920 > > *** Please cast your vote within the next 72 hours *** > > The tarball (*.tar.gz), signature (*.asc), and checksums (*.md5, *.sha1) > for the source and binary artifacts can be found here: > https://people.apache.org/~hshreedharan/apache-flume-1.5.1-rc1/ > > Maven staging repo: > https://repository.apache.org/content/repositories/orgapacheflume-1006/ > > The tag to be voted on: > > https://git-wip-us.apache.org/repos/asf?p=flume.git;a=commit;h=c74804226bcee59823c0cbc09cdf803a3d9e6920 > > Flume's KEYS file containing PGP keys we use to sign the release: > http://www.apache.org/dist/flume/KEYS > > Thanks, > Hari -- thanks ashish Blog: http://www.ashishpaliwal.com/blog My Photo Galleries: http://www.pbase.com/ashishpaliwal