Re: [VOTE] Graduate Apache HAWQ (incubating)
+1 (non binding) Bosco On 7/28/18, 9:27 PM, "侯宗田" wrote: +1 (non-binding) > On Jul 27, 2018, at 7:13 PM, Roman Shaposhnik wrote: > > Hi! > > after a very positive discussion in the HAWQ community > and at the IPMC level: > https://lists.apache.org/thread.html/67a2d52ef29cbf9e93d8050ed0193cc110a919962dd92f8436b343b7@%3Cdev.hawq.apache.org%3E > https://lists.apache.org/thread.html/3a142d758ef5ae119e421071893615992ea5ee937b5d02007f5e@%3Cgeneral.incubator.apache.org%3E > > I'd like to bring the following resolution for a formal vote. > > Please vote on the resolution pasted below to graduate > Apache HAWQ from the incubator to top level project. > > [ ] +1 Graduate Apache HAWQ from the Incubator. > [ ] +0 Don't care. > [ ] -1 Don't graduate Apache HAWQ from the Incubator because... > > This vote will be open for at least 72 hours. > > Many thanks to our mentors and everyone else for the support, > Roman (on behalf of the Apache HAWQ PPMC). > > ## Resolution to create a TLP from graduating Incubator podling > >X. Establish the Apache HAWQ Project > > WHEREAS, the Board of Directors deems it to be in the best > interests of the Foundation and consistent with the > Foundation's purpose to establish a Project Management > Committee charged with the creation and maintenance of > open-source software, for distribution at no charge to > the public, related to Hadoop native SQL query engine that > combines the key technological advantages of MPP database > with the scalability and convenience of Hadoop. > > NOW, THEREFORE, BE IT RESOLVED, that a Project Management > Committee (PMC), to be known as the "Apache HAWQ Project", > be and hereby is established pursuant to Bylaws of the > Foundation; and be it further > > RESOLVED, that the Apache HAWQ Project be and hereby is > responsible for the creation and maintenance of software > related to Hadoop native SQL query engine that > combines the key technological advantages of MPP database > with the scalability and convenience of Hadoop; > and be it further > > RESOLVED, that the office of "Vice President, Apache HAWQ" be > and hereby is created, the person holding such office to > serve at the direction of the Board of Directors as the chair > of the Apache HAWQ Project, and to have primary responsibility > for management of the projects within the scope of > responsibility of the Apache HAWQ Project; and be it further > > RESOLVED, that the persons listed immediately below be and > hereby are appointed to serve as the initial members of the > Apache HAWQ Project: > >* Alan Gates >* Alexander Denissov >* Amy Bai >* Atri Sharma >* Bhuvnesh Chaudhary >* Bosco >* Chunling Wang >* David Yozie >* Ed Espino >* Entong Shen >* Foyzur Rahman >* Goden Yao >* Gregory Chase >* Hong Wu >* Hongxu Ma >* Hubert Zhang >* Ivan Weng >* Jesse Zhang >* Jiali Yao >* Jun Aoki >* Kavinder Dhaliwal >* Lav Jain >* Lei Chang >* Lili Ma >* Lirong Jian >* Lisa Owen >* Ming Li >* Mohamed Soliman >* Newton Alex >* Noa Horn >* Oleksandr Diachenko >* Paul Guo >* Radar Da Lei >* Roman Shaposhnik >* Ruilong Huo >* Shivram Mani >* Shubham Sharma >* Tushar Pednekar >* Venkatesh Raghavan >* Vineet Goel >
Re: [VOTE] Accept Eagle into Apache Incubation
+1 non binding Bosco _ From: Li YangSent: Sunday, October 25, 2015 8:13 PM Subject: Re: [VOTE] Accept Eagle into Apache Incubation To: +1 (non-binding) On Mon, Oct 26, 2015 at 10:50 AM, hongbin ma wrote: > +1 (non binding) > > On Mon, Oct 26, 2015 at 12:20 AM, Ralph Goers > wrote: > > > +1 (binding) > > > > Ralph > > > > > On Oct 23, 2015, at 7:11 AM, Manoharan, Arun > > wrote: > > > > > > Hello Everyone, > > > > > > Thanks for all the feedback on the Eagle Proposal. > > > > > > I would like to call for a [VOTE] on Eagle joining the ASF as an > > incubation project. > > > > > > The vote is open for 72 hours: > > > > > > [ ] +1 accept Eagle in the Incubator > > > [ ] ±0 > > > [ ] -1 (please give reason) > > > > > > Eagle is a Monitoring solution for Hadoop to instantly identify access > > to sensitive data, recognize attacks, malicious activities and take > actions > > in real time. Eagle supports a wide variety of policies on HDFS data and > > Hive. Eagle also provides machine learning models for detecting anomalous > > user behavior in Hadoop. > > > > > > The proposal is available on the wiki here: > > > https://wiki.apache.org/incubator/EagleProposal > > > > > > The text of the proposal is also available at the end of this email. > > > > > > Thanks for your time and help. > > > > > > Thanks, > > > Arun > > > > > > > > > > > > Eagle > > > > > > Abstract > > > Eagle is an Open Source Monitoring solution for Hadoop to instantly > > identify access to sensitive data, recognize attacks, malicious > activities > > in hadoop and take actions. > > > > > > Proposal > > > Eagle audits access to HDFS files, Hive and HBase tables in real time, > > enforces policies defined on sensitive data access and alerts or blocks > > user’s access to that sensitive data in real time. Eagle also creates > user > > profiles based on the typical access behaviour for HDFS and Hive and > sends > > alerts when anomalous behaviour is detected. Eagle can also import > > sensitive data information classified by external classification engines > to > > help define its policies. > > > > > > Overview of Eagle > > > Eagle has 3 main parts. > > > 1.Data collection and storage - Eagle collects data from various hadoop > > logs in real time using Kafka/Yarn API and uses HDFS and HBase for > storage. > > > 2.Data processing and policy engine - Eagle allows users to create > > policies based on various metadata properties on HDFS, Hive and HBase > data. > > > 3.Eagle services - Eagle services include policy manager, query service > > and the visualization component. Eagle provides intuitive user interface > to > > administer Eagle and an alert dashboard to respond to real time alerts. > > > > > > Data Collection and Storage: > > > Eagle provides programming API for extending Eagle to integrate any > data > > source into Eagle policy evaluation framework. For example, Eagle hdfs > > audit monitoring collects data from Kafka which is populated from > namenode > > log4j appender or from logstash agent. Eagle hive monitoring collects > hive > > query logs from running job through YARN API, which is designed to be > > scalable and fault-tolerant. Eagle uses HBase as storage for storing > > metadata and metrics data, and also supports relational database through > > configuration change. > > > > > > Data Processing and Policy Engine: > > > Processing Engine: Eagle provides stream processing API which is an > > abstraction of Apache Storm. It can also be extended to other streaming > > engines. This abstraction allows developers to assemble data > > transformation, filtering, external data join etc. without physically > bound > > to a specific streaming platform. Eagle streaming API allows developers > to > > easily integrate business logic with Eagle policy engine and internally > > Eagle framework compiles business logic execution DAG into program > > primitives of underlying stream infrastructure e.g. Apache Storm. For > > example, Eagle HDFS monitoring transforms audit log from Namenode to > object > > and joins sensitivity metadata, security zone metadata which are > generated > > from external programs or configured by user. Eagle hive monitoring > filters > > running jobs to get hive query string and parses query string into object > > and then joins sensitivity metadata. > > > Alerting Framework: Eagle Alert Framework includes stream metadata API, > > scalable policy engine framework, extensible policy engine framework. > > Stream metadata API allows developers to declare event schema including > > what attributes constitute an event, what is the type for each attribute, > > and how to dynamically resolve attribute value in runtime when user > > configures policy. Scalable policy engine framework allows policies to be > > executed on different physical nodes in parallel. It is
Re: [DISCUSS] Eagle incubator proposal
Hi Arun This looks really good and fills some obvious gaps in the security landscape. Happy to contribute anyway you want. All the best!!! Bosco On 10/20/15, 8:02 AM, "Alex Karasulu"wrote: >Hi Arun, > >Eagle sounds very promising. I just had a discussion with someone about >this exact need. I do however agree with Greg on the name. As far as I can >see, besides the name, your weakest point is the all eBay employed team. >It's not a blocker and can be fixed during incubation. Good luck to you. > >Alex > > >On Tue, Oct 20, 2015 at 5:51 PM, Manoharan, Arun >wrote: > >> Hi Greg, >> >> Thank you for reviewing the proposal. >> >> Originally we thought Eagle might be trademarked by someone already but I >> went thru eBay legal team to get the clearance for the name to be used. We >> will look into it again to see if there will be potential problems. >> >> Thanks, >> Arun >> >> On 10/20/15, 1:52 AM, "Greg Stein" wrote: >> >> >Hey there, Arun! ... I have no commentary on the proposal itself, as it >> >looks like a great proposal. I would suggest being a bit wary of the name, >> >as "Eagle" is a *very* popular PCB design program. >> > >> >On Mon, Oct 19, 2015 at 10:33 AM, Manoharan, Arun >> >wrote: >> > >> >> Hello Everyone, >> >> >> >> My name is Arun Manoharan. Currently a product manager in the Analytics >> >> platform team at eBay Inc. >> >> >> >> I would like to start a discussion on Eagle and its joining the ASF as >> >>an >> >> incubation project. >> >> >> >> Eagle is a Monitoring solution for Hadoop to instantly identify access >> >>to >> >> sensitive data, recognize attacks, malicious activities and take >> >>actions in >> >> real time. Eagle supports a wide variety of policies on HDFS data and >> >>Hive. >> >> Eagle also provides machine learning models for detecting anomalous user >> >> behavior in Hadoop. >> >> >> >> The proposal is available on the wiki here: >> >> https://wiki.apache.org/incubator/EagleProposal >> >> >> >> The text of the proposal is also available at the end of this email. >> >> >> >> Thanks for your time and help. >> >> >> >> Thanks, >> >> Arun >> >> >> >> >> >> >> >> Eagle >> >> >> >> Abstract >> >> Eagle is an Open Source Monitoring solution for Hadoop to instantly >> >> identify access to sensitive data, recognize attacks, malicious >> >>activities >> >> in hadoop and take actions. >> >> >> >> Proposal >> >> Eagle audits access to HDFS files, Hive and HBase tables in real time, >> >> enforces policies defined on sensitive data access and alerts or blocks >> >> user¹s access to that sensitive data in real time. Eagle also creates >> >>user >> >> profiles based on the typical access behaviour for HDFS and Hive and >> >>sends >> >> alerts when anomalous behaviour is detected. Eagle can also import >> >> sensitive data information classified by external classification >> >>engines to >> >> help define its policies. >> >> >> >> Overview of Eagle >> >> Eagle has 3 main parts. >> >> 1.Data collection and storage - Eagle collects data from various hadoop >> >> logs in real time using Kafka/Yarn API and uses HDFS and HBase for >> >>storage. >> >> 2.Data processing and policy engine - Eagle allows users to create >> >> policies based on various metadata properties on HDFS, Hive and HBase >> >>data. >> >> 3.Eagle services - Eagle services include policy manager, query service >> >> and the visualization component. Eagle provides intuitive user >> >>interface to >> >> administer Eagle and an alert dashboard to respond to real time alerts. >> >> >> >> Data Collection and Storage: >> >> Eagle provides programming API for extending Eagle to integrate any data >> >> source into Eagle policy evaluation framework. For example, Eagle hdfs >> >> audit monitoring collects data from Kafka which is populated from >> >>namenode >> >> log4j appender or from logstash agent. Eagle hive monitoring collects >> >>hive >> >> query logs from running job through YARN API, which is designed to be >> >> scalable and fault-tolerant. Eagle uses HBase as storage for storing >> >> metadata and metrics data, and also supports relational database through >> >> configuration change. >> >> >> >> Data Processing and Policy Engine: >> >> Processing Engine: Eagle provides stream processing API which is an >> >> abstraction of Apache Storm. It can also be extended to other streaming >> >> engines. This abstraction allows developers to assemble data >> >> transformation, filtering, external data join etc. without physically >> >>bound >> >> to a specific streaming platform. Eagle streaming API allows developers >> >>to >> >> easily integrate business logic with Eagle policy engine and internally >> >> Eagle framework compiles business logic execution DAG into program >> >> primitives of underlying stream infrastructure e.g. Apache Storm. For >> >> example, Eagle HDFS monitoring transforms audit
Re: [VOTE] Accept MADlib into the Apache Incubator
+1 (non binding) On 9/11/15, 10:02 AM, "Gautam Muralidhar"wrote: >+1 nonbinding > >Sent from my iPhone > >> On Sep 11, 2015, at 9:43 PM, Gregory Chase wrote: >> >> +1 nonbinding >> >>> On Fri, Sep 11, 2015 at 8:12 AM, Chris Rawles >>>wrote: >>> >>> -- >>> Chris >> >> >> >> -- >> Greg Chase >> >> Director of Big Data Communities >> http://www.pivotal.io/big-data >> >> Pivotal Software >> http://www.pivotal.io/ >> >> 650-215-0477 >> @GregChase >> Blog: http://geekmarketing.biz/ > >- >To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >For additional commands, e-mail: general-h...@incubator.apache.org > - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] Accept HAWQ into the Apache Incubator
gnment section, HAWQ may consider various >>> > degrees of integration and code exchange with Apache Hadoop, Apache >>> > Spark and Apache Hive projects. We expect integration points to be >>> > inside and outside the project. We look forward to collaborating with >>> > these communities as well as other communities under the Apache >>> > umbrella. >>> > >>> > === An Excessive Fascination with the Apache Brand === >>> > While we intend to leverage the Apache ‘branding’ when talking to >>> > other projects as testament of our project’s ‘neutrality’, we have no >>> > plans for making use of Apache brand in press releases nor posting >>> > billboards advertising acceptance of HAWQ into Apache Incubator. >>> > >>> > == Documentation == >>> > The documentation is currently available at >>>http://hawq.docs.pivotal.io/ >>> > >>> > == Initial Source == >>> > Initial source code will be available immediately after Incubator PMC >>> > approves HAWQ joining the Incubator and will be licensed under the >>> > Apache License v2. >>> > >>> > == Source and Intellectual Property Submission Plan == >>> > As soon as HAWQ is approved to join the Incubator, the source code >>> > will be transitioned via an exhibit to Pivotal's current Software >>> > Grant Agreement onto ASF infrastructure and in turn made available >>> > under the Apache License, version 2.0. We know of no legal >>> > encumberments that would inhibit the transfer of source code to the >>> > ASF. >>> > >>> > == External Dependencies == >>> > >>> > Runtime dependencies: >>> > * gimli (BSD) >>> > * openldap (The OpenLDAP Public License) >>> > * openssl (OpenSSL License and the Original SSLeay License, BSD >>>style) >>> > * proj (MIT) >>> > * yaml (Creative Commons Attribution 2.0 License) >>> > * python (Python Software Foundation License Version 2) >>> > * apr-util (Apache Version 2.0) >>> > * bzip2 (BSD-style License) >>> > * curl (MIT/X Derivate License) >>> > * gperf (GPL Version 3) >>> > * protobuf (Google) >>> > * libevent (BSD) >>> > * json-c (https://github.com/json-c/json-c/blob/master/COPYING) >>> > * krb5 (MIT) >>> > * pcre (BSD) >>> > * libedit (BSD) >>> > * libxml2 (MIT) >>> > * zlib (Permissive Free Software License) >>> > * libgsasl (LGPL Version 2.1) >>> > * thrift (Apache Version 2.0) >>> > * snappy (Apache Version 2.0 (up to 1.0.1)/New BSD) >>> > * libuuid-2.26 (LGPL Version 2) >>> > * apache hadoop (Apache Version 2.0) >>> > * apache avro (Apache Version 2.0) >>> > * glog (BSD) >>> > * googlemock (BSD) >>> > >>> > Build only dependencies: >>> > * ant (Apache Version 2.0) >>> > * maven (Apache Version 2.0) >>> > * cmake (BSD) >>> > >>> > Test only dependencies: >>> > * googletest (BSD) >>> > >>> > Cryptography N/A >>> > >>> > == Required Resources == >>> > >>> > === Mailing lists === >>> > * priv...@hawq.incubator.apache.org (moderated subscriptions) >>> > * comm...@hawq.incubator.apache.org >>> > * d...@hawq.incubator.apache.org >>> > * iss...@hawq.incubator.apache.org >>> > * u...@hawq.incubator.apache.org >>> > >>> > === Git Repository === >>> > https://git-wip-us.apache.org/repos/asf/incubator-hawq.git >>> > >>> > === Issue Tracking === >>> > JIRA Project HAWQ (HAWQ) >>> > >>> > === Other Resources === >>> > >>> > Means of setting up regular builds for HAWQ on builds.apache.org will >>> > require integration with Docker support. >>> > >>> > == Initial Committers == >>> > * Lirong Jian >>> > * Hubert Huan Zhang >>> > * Radar Da Lei >>> > * Ivan Yanqing Weng >>> > * Zhanwei Wang >>> > * Yi Jin >>> > * Lili Ma >>> > * Jiali Yao >>> > * Zhenglin Tao >>> > * Ruilong Huo >>> > * Ming Li >>> > * Wen Lin >>> > * Lei Chang >>> > * Alexander V Denissov >>> > * Newton Alex >>> > * Oleksandr Diachenko >>> > * Jun Aoki >>> > * Bhuvnesh Chaudhary >>> > * Vineet Goel >>> > * Shivram Mani >>> > * Noa Horn >>> > * Sujeet S Varakhedi >>> > * Junwei (Jimmy) Da >>> > * Ting (Goden) Yao >>> > * Mohammad F (Foyzur) Rahman >>> > * Entong Shen >>> > * George C Caragea >>> > * Amr El-Helw >>> > * Mohamed F Soliman >>> > * Venkatesh (Venky) Raghavan >>> > * Carlos Garcia >>> > * Zixi (Jesse) Zhang >>> > * Michael P Schubert >>> > * C.J. Jameson >>> > * Jacob Frank >>> > * Ben Calegari >>> > * Shoabe Shariff >>> > * Rob Day-Reynolds >>> > * Mel S Kiyama >>> > * Charles Alan Litzell >>> > * David Yozie >>> > * Ed Espino >>> > * Caleb Welton >>> > * Parham Parvizi >>> > * Dan Baskette >>> > * Christian Tzolov >>> > * Tushar Pednekar >>> > * Greg Chase >>> > * Chloe Jackson >>> > * Michael Nixon >>> > * Roman Shaposhnik >>> > * Alan Gates >>> > * Owen O'Malley >>> > * Thejas Nair >>> > * Don Bosco Durai >>> > * Konstantin Boudnik >>> > * Sergey Soldatov >>> > * Atri Sharma >>> > >>> > == Affiliations == >>> > * Barclays: Atri Sharma >>> > * Bloomberg: Justin Erenkrantz >>> > * Hortonworks: Alan Gates, Owen O'Malley, Thejas Nair, Don Bosco >>>Durai >>> > * WANDisco: Konstantin Boudnik, Sergey Soldatov >>> > * Pivotal: everyone else on this proposal >>> > >>> > == Sponsors == >>> > >>> > === Champion === >>> > Roman Shaposhnik >>> > >>> > === Nominated Mentors === >>> > >>> > The initial mentors are listed below: >>> > * Alan Gates - Apache Member, Hortonworks >>> > * Owen O'Malley - Apache Member, Hortonworks >>> > * Thejas Nair - Apache Member, Hortonworks >>> > * Konstantin Boudnik - Apache Member, WANDisco >>> > * Roman Shaposhnik - Apache Member, Pivotal >>> > * Justin Erenkrantz - Apache Member, Bloomberg >>> > >>> > === Sponsoring Entity === >>> > We would like to propose Apache incubator to sponsor this project. >>> > >>> > - >>> > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >>> > For additional commands, e-mail: general-h...@incubator.apache.org >>> > >>> >>> - >>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >>> For additional commands, e-mail: general-h...@incubator.apache.org >>> >>> > >- >To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >For additional commands, e-mail: general-h...@incubator.apache.org > - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: Reform of Incubator {was; [DISCUSSION] Graduate Ignite from the Apache Incubator)
My only concern is now the mentor(s) need to check everything before approving. In my experience, during the early stages of the releases, lot of the license, naming, release location, etc. related issues were identified during the approval in the general@ list. Which were very helpful to us. Knowing that the mentors are generally busy, it might be good to have an extra oversight. Take a poll among podlings and ask Do you want to be more autonomous from the IPMC? and see what they say... We should qualify what autonomous means here. Thanks Bosco On 7/26/15, 8:06 AM, Niclas Hedhman nic...@hedhman.org wrote: On Sun, Jul 26, 2015 at 7:38 PM, Branko Čibej br...@apache.org wrote: The only downside of this proposal is that it assumes that every podling has at least three active (!) mentors. No, I don't necessarily mean that you need 3 mentors either. One active mentor would be fine with me. Empower the podling to stand on its own feet. The Incubation disclaimers are plenty warning, otherwise it would be full releases. Take a poll among podlings and ask Do you want to be more autonomous from the IPMC? and see what they say... Cheers -- Niclas Hedhman, Software Developer http://zest.apache.org - New Energy for Java - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: Last chance to tell your story at ApacheCON EU 2015
Can I have write permission (wiki id=bosco) or someone update the wiki for me? Don Bosco Durai - Apache Ranger I am still not sure who will talk, but can we put mine as a place holder for now? Thanks Bosco On 6/29/15, 10:09 AM, jan i j...@apache.org wrote: On 29 June 2015 at 01:28, Anatole Tresch atsti...@gmail.com wrote: Hi all I proposed to talk on Tamaya. I would also do a speed date on Tamaya, but unfortunately I cannot update: https://wiki.apache.org/apachecon/ACEU15Incubator Can somebody do this for me, or give the rights todo so (UID: AnatoleTresch)? updated have fun jan i. Thanks, Anatole 2015-06-27 23:10 GMT+02:00 Roman Shaposhnik ro...@shaposhnik.org: On Sat, Jun 27, 2015 at 1:44 PM, Pierre Smits pierre.sm...@gmail.com wrote: Roman, There is a talk in preparation regarding Trafodion. Great! Once it it submitted, could you please update the wiki? Thanks, Roman. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org -- *Anatole Tresch* Java Engineer Architect, JSR Spec Lead Glärnischweg 10 CH - 8620 Wetzikon *Switzerland, Europe Zurich, GMT+1* *Twitter: @atsticks* *Blogs: **http://javaremarkables.blogspot.ch/ http://javaremarkables.blogspot.ch/* *Google: atsticksMobile +41-76 344 62 79* - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] Release Apache Ranger 0.5.0 (incubating)
Justin Thanks for looking into this. The MPL license was used by pnotify. We removed it as part of JIRA https://issues.apache.org/jira/browse/RANGER-316, but we didn¹t update the LICENSE.txt file. Is it okay to remove the license text from the file during our next release or is it a blocker for this release? I have created JIRA https://issues.apache.org/jira/browse/RANGER-542 to track it. We will also address your rest of your concerns during our next release. I have created the following JIRA to track it https://issues.apache.org/jira/browse/RANGER-541. Thanks Bosco On 6/6/15, 6:35 PM, Justin Mclean jus...@classsoftware.com wrote: Hi, +0 binding until MPL issue clarified, then I¹ll change my vote to +1. But there a few other things that need to be fixed for next release. I checked - Release does¹t contain incubating in release name. - Signatures and hash good (but could be improved) - DISCLAIMER exists - Year range in NOTICE file is incorrect - NOTICE file has minor issues (see below) - LICENSE file also have a few minor issues - All source file have Apache headers - No unexpected binaries in source release - Can compile from source The LICENSE notes that you using JQuery Pine Notify which is triple licensed under GPL, LGPL and MPL. MPL is a category B license and as such needs to be handled with care [6]. However I¹m not sure that it is actually bundled in the software - can you confirm this. If it is not it can be removed from the LICENSE. Permissive licenses such as Apache and MIT do not normally get mentioned in the NOTICE file [4] as the NOTICE file places a burden on downstream projects can these please be removed. The following seem to be missing from the LICENSE - font awesome (MIT + SIL) see security-admin/src/main/webapp/fonts/fontawesome/fontawesome-webfont.svg and ranger-0.5.0/security-admin/src/main/webapp/fonts/fontawesome/FontAwesome. * + ranger-0.5.0/security-admin/src/main/webapp/fonts/fontopensans/open-sans* - backbone forms (MIT) see ranger-0.5.0/security-admin/src/main/webapp/libs/bower/backbone-forms/* - select2 (MIT) see security-admin/src/main/webapp/libs/bower/select2/select2.css - bootstrap (MIT) see ranger-0.5.0/security-admin/src/main/webapp/themejs/1.3.0/bootstrap.min.js - QUnit (MIT) see security-admin/src/main/webapp/libs/bower/globalize/test/qunit/qunit.js - jsDump (BSD -part of QUnit) see security-admin/src/main/webapp/libs/bower/globalize/test/qunit/qunit.js - Sizzle.js (part of jQuery) see security-admin/src/main/webapp/libs/bower/globalize/examples/browser/jquer y-1.4.4.js Also VisualSearch.js could be placed with the other MIT licenses. There is also no need to list Apache licensed software in LICENSE, however it¹s not an licensing error, and up to you if you want to leave them there. For the next release can you please fix the following: - Add incubating to the release name [1] - Place the release in the correct place [2][3] - Put the contents of hashes in a standard format (making it easier to check) - Consider adding apache to release artefact name - Correct years in NOTICE file - Remove unnecessary information from NOTICE - Add missing licenses to LICENSE Note that the first two items are marked as MUST in the incubator policy. Thanks, Justin 1.http://incubator.apache.org/incubation/Incubation_Policy.html#Releases 2. http://www.apache.org/dist/incubator/ranger/ 3. http://incubator.apache.org/incubation/Incubation_Policy.html#Releases 4. http://www.apache.org/dev/licensing-howto.html#permissive-deps 5. http://www.apache.org/legal/resolved.html#category-b - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: Final draft of IPMC report for January 2015
Daniel, sorry about. I have updated the Wiki. Attaching the link to you email for reference to others: http://mail-archives.apache.org/mod_mbox/ranger-dev/201501.mbox/ajax/%3C54A 920A7.5000501%40apache.org%3E Thanks for your help and guidance. Regards Bosco On 1/14/15, 8:48 AM, Daniel Gruno humbed...@apache.org wrote: *ahem*, I did sign off on both reports. However, my wiki access was fubared at the time, so I asked if anyone from the Ranger project could put a check mark next to my name. This has apparently not happened. I have also signed off on the Corinthia report. With regards, Daniel. On 2015-01-14 17:42, Roman Shaposhnik wrote: The following will be submitted to the board at midnight: The Apache Incubator is the entry path into the ASF for projects and codebases wishing to become part of the Foundation's efforts. There are currently 36 podlings undergoing incubation. One podling joined us this month (Corinthia). One member joined and two members left the IPMC. IPMC has recognized the need for tightening up mentorship requirements and overall structure of the incubation process. Active discussions on how to this in the best possible way are on going and the recommendation is expected to be available in a few weeks. * Community New IPMC members: Hyunsik Choi People who left the IPMC: Sean Owen Marvin Humphrey Mentors who didn't sign off on the reports: Alan Gates Alex Karasulu Andrei Savu Andrew Purtell Arun Murthy Ashutosh Chauhan Benjamin Hindman Daniel Gruno David Blevins Devaraj Das Drew Farris Enis Soztutar Gerhard Petracek Henri Gomez Henry Saputra Lewis John Mcgibbney Luciano Resende Marcel Offermans Matt Hogstrom Nick Burch Olivier Lamy Sam Ruby Sergio Fernandez Suresh Marru Suresh Srinivas Todd Lipcon Tom White Yegor Kozlov * New Podlings Corinthia * Graduations The board has motions for the following: Samza * Releases The following releases were made since the last Incubator report: Dec 05 2014 Apache Falcon 0.6-incubating Dec 08 2014 Apache Samza 0.8.0-incubating Dec 22 2014 Apache Brooklyn 0.7.0-M2-incubating * IP Clearance * Corinthia initial source grant * Legal / Trademarks * Infrastructure * Miscellaneous * NPanday community seems to be in agreement that retirement is the best option at this point. The only outstanding issue before formally recommending graduation VOTE is to decide whether there's enough cycles available for one last release before retirement. Summary of podling reports * Still getting started at the Incubator SAMOA Corinthia Kylin NiFi Taverna (delayed software grant) Zeppelin * Not yet ready to graduate No release: DataFu HTrace Ignite Kalumet Lens Tamaya Community growth: Aurora Brooklyn Calcite MRQL ODF Toolkit Parquet Ranger Usergrid * Ready to graduate The Board has motions for the following: Samza * Did not report, expected next month NPanday Ripple -- Table of Contents Aurora Brooklyn Calcite Corinthia DataFu HTrace Ignite Kalumet Kylin Lens MRQL NiFi NPanday ODF Toolkit Parquet Ranger SAMOA Samza Tamaya Taverna Usergrid Zeppelin -- Aurora Aurora is a service scheduler used to schedule jobs onto Apache Mesos. Aurora has been incubating since 2013-10-01. Three most important issues to address in the move towards graduation: 1. Expanding the community's diversity and adding new committers. 2. Third Apache release, progress being tracked in ticket AURORA-872 3. Any issues that the Incubator PMC (IPMC) or ASF Board wish/need to be aware of? * None at this time. How has the community developed since the last report? Latest Additions: * PMC addition: * David McLaughlin, 2014-08-20 * Contributor additions: No additional contributors had code committed since the last report, however three new contributors currently have code under review that was submitted within the past 6 weeks. At least one of these contributions is a large feature addition, which is promising. Issue backlog status since last report (Oct 1, 2014): * Created: 212 * Resolved: 177 Mailing list activity since last report: * @dev 480 messages * @issues 1085 messages * @reviews 2235 messages How has the project developed since the last report? *
Need write access to Wiki
Can someone please provide me write access to the incubator report wiki pages? My wiki id is ³bosco² Thank you Bosco
Re: [PROPOSAL] Apache Argus Proposal
How do you define the 'Hadoop complex eco-system'? If that definition Agreed, complex is a relative term. I used the term complex, because now more than 20 products use Hadoop and list is growing. There are 10 products listed on http://hadoop.apache.org/. Then there are others projects like Accumulo, Impala, Storm, Kafka, Falcon, Pig, Flume, Sqoop, Oozie, etc. which uses HDFS or support/enable other products within Hadoop ecosystem. If we dig deeper, each component might have multiple processes (Name Node, Data Node, Job Tracker, Storm Nimbus Server, HBase Master Servers, HBase Regions Servers, HA, etc). With YARN, now user can run their applications in the cluster, which is a great feature, but it is very scary from security point of view, because now users can write their custom application and run it within a secure data center. I don’t feel one technology or one company or one small group or one approach can solve this problem. This has to be addressed by the community working together. This would also require a lot of support from each dependent projects and lot of co-ordination. And there would be multiple security solutions available for the end users to pick from. includes projects such as HBase, we have significant security controls, so The mature projects have started beefing up their security features. In recent releases, HBase added cell based access control and encryption, HDFS added advanced ACLs and now working on file level encryptions, Hive added ATZ-NG, no encryption yet. The newer ones like Solr, Storm, Falcon have very basic security control. On the good news side, most components have started supporting Kerberos and SSL. But encryption at rest is still a challenge. In most cases it is all or none, except probably HBase and Accumulo. Access control and auditing is also not that mature among the newer projects. The goal is here is not to reinvent or impose on each project, but to reuse the existing security technologies consistently across projects and at the same extend it where applicable. or the combination of Hive+Sentry would agree with that statement either. Personally, Hive is my ideal role model for all hadoop projects to follow. Out of the box, it has inbuilt access control, but also provides APIs to plug your authorization model. Now security projects like Argus can extend it to support attribute based access control, cell based access control, tagging, multi-tenancy, auditing, etc. Users based on their security requirement or appetite might decide to go with the default or choose one of the other security providers. Similar requirements might be there for HBase, but expecting all Hadoop components to keep up with each other is counter productive, while a dedicated security provider (project) might do more extensive and uniform job. Users might also pick multiple security providers within their cluster to address specific security concerns. Since we are on the topic of complexity, one of the reason Hadoop is popular is because of its openness. Hive might be on top of anything, e.g. on HDFS, HBase+HDFS, flat file, etc. While you can access SQL queries via Hive, you can also write Pig or MR job to access the underlying HDFS file directly. This is a powerful feature, which now gives them ability to run sophisticated analytical jobs or use enterprise grade BI tool. But this also allows users to circumvent Hive’s native security. For Hive or any native component, cross component security is out of scope (and should be). This problem can be solved by security providers like Argus, who can enforce adequate security consistently across components or project boundaries. Happy to discuss more on this topic. Thanks Bosco On Jul 16, 2014, at 7:38 PM, Andrew Purtell apurt...@apache.org wrote: This statement might not be quite right: Even within Hadoop complex eco-system, each components have limited or no security controls. How do you define the 'Hadoop complex eco-system'? If that definition includes projects such as HBase, we have significant security controls, so that wouldn't be a correct statement. Not sure those working on Accumulo, or the combination of Hive+Sentry would agree with that statement either. It's not necessary to survey the Hadoop ecosystem before incubating of course, or even after, but it sounds like that might be a good idea. On Wed, Jul 16, 2014 at 5:06 PM, Don Bosco Durai bdu...@hortonworks.com wrote: Hi JB We will be centralizing the administration and auditing for Knox. And we will be also standardizing the authentication for web applications for all components within Hadoop ecosystem, for which we might consider Shiro. I would like to understand more about Syncope and see how production ready it is... The principle is to leverage existing security solutions where applicable. Even within Hadoop complex eco-system, each components have limited or no security controls
Re: [PROPOSAL] Apache Argus Proposal
Andrews, thanks for your feedback. My responses are inline. Regards Bosco On Jul 17, 2014, at 11:41 AM, Andrew Purtell apurt...@apache.org wrote: Thank you for writing back with a detailed clarification. Regarding encryption at rest, HDFS is adding it as HDFS-6134, so likely there will be a new core feature option for the ecosystem to consider shortly. I don’t feel one technology or one company or one small group or one approach can solve this problem. This has to be addressed by the community working together. This would also require a lot of support from each dependent projects and lot of co-ordination. And there would be multiple security solutions available for the end users to pick from. Completely agreed. However, the desired community cooperation has both technical and political components. I think there are some concerns about how successful an outcome Argus may produce, informed by experience. Perhaps it would be worthwhile to address those concerns. Argus proposes to The current Argus solution already has integration with the core Hadoop components like HDFS, Hive and HBase. There are work in progress to support additional Hadoop components, which includes Knox. Anytime, we cross project boundaries, there were would be always challenges wrt technical and political. Working this out within the community makes more sense, rather than doing this outside. Not attempting would be counterproductive. develop a common security infrastructure for the Hadoop ecosystem. In my opinion (and informed by personal experience) we have new incubating Hadoop ecosystem security projects like Sentry and Knox and proposals such as Argus because Hadoop core is locked down. Argus et. al. are like the proverbial blocked river (user demand for features) seeking a new route around a landslide (obvious poisonous contention and litigation-via-JIRA on every significant topic). I would be curious your thoughts on how to avoid the same end state in the Argus project. In my opinion, it would be a tragedy if a potential solution ends up perpetuating the dysfunction it seeks to bypass to a greater proportion of Foundation projects instead. A Hadoop ecosystem project attempting to remain independent from the dysfunction of Hadoop core would be well advised to stay away from adoption of Argus components (security is so critical) if the governance of Argus I don’t believe Argus existence is because HDFS or any other component is locked down or dysfunctional. Each component will continue to evolve (core features and security) overtime based on their priority, severity and timeline. The option to externalize security is always a good thing. Option to externalize is a well accepted notion in the community. Commercial databases allow externalizing security, web applications externalize authentication and authorization, there are vulnerability management systems for file system/software version, etc. I don’t see a security provider like Argus or Sentry extending the native security as a risk or bad thing, instead, a good motivation for projects (particularly new) to focus on their core features. I also don’t feel this is a short term user demand. Security requirement changes on regular basis and as different type of industries adopt hadoop, their security requirements might be also different. They will look for different options for security and select what addresses their needs. perpetuates that dysfunction. By the way, it is also not too late for Knox and Sentry. Security is most effective when it is deployed as layered solution. Knox addresses the perimeter security. Currently it is REST and they will extend it to support security for more external API technologies. Argus will not replace it, but complement Knox by centralizing the administration and common auditing. Sentry and Argus have some overlap, but at the core, they have different philosophies and approach. Similar discussion can be made between no-sql projects like Apache HBase, Apache Accumulo and Apache Cassandra. Varying options is always healthy. -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [PROPOSAL] Apache Argus Proposal
Hi JB We will be centralizing the administration and auditing for Knox. And we will be also standardizing the authentication for web applications for all components within Hadoop ecosystem, for which we might consider Shiro. I would like to understand more about Syncope and see how production ready it is... The principle is to leverage existing security solutions where applicable. Even within Hadoop complex eco-system, each components have limited or no security controls. Instead of re-inventing everything, we will extend the core component security capabilities and add where needed. So the security is uniform, plug able and scalable. Providing a layered security along with central administration and auditing capabilities will enhance the security, usability, enterprise integration, compliance, etc. which will lead to more adoption of Apache Hadoop and projects working within its eco system. Regards Bosco ` On Jul 16, 2014, at 12:12 AM, Jean-Baptiste Onofré j...@nanthrax.net wrote: Hi, it looks interesting. Do you have an idea about the interactions with other projects (Knox, Shiro, Syncope, whatever) ? Regards JB -- Jean-Baptiste Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://www.talend.com - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [PROPOSAL] Apache Argus Proposal
to the problem should be represented by different projects. This will provide better choices for users to choose from. === An Excessive Fascination with the Apache Brand === While we respect the reputation of the Apache brand and have no doubts that it will attract contributors and users, our interest is primarily to give Argus a solid home as an open source project with a broad developer base and to encourage adoption by the related ASF projects and foster innovation around security == Documentation == http://hortonworks.com/blog/hortonworks-acquires-xasecure-to-provide-comprehensive-security-for-enterprise-hadoop/ == Initial Source == We will make the initial source available as a patch. == Source and IP Submission Plan == 1. All source will be moved to Apache Infrastructure 2. All outstanding issues in our in-house JIRA infrastructure will be replicated into the Apache JIRA system. 3. We will be acquiring a twitter handle for project Argus (eg: @apacheargus ) == External Dependencies == Argus has no external dependencies except for some Java libraries that are considered ASF-compatible (JUnit, SLF4J, …) and Apache artifacts : Hadoop, Log4J and the transient dependencies of all these artifacts. == Cryptography == Argus does not incorporate encryption currently. == Required Resources == === Mailing Lists: === 1. argus-dev 2. argus-commits 3. argus-private === Infrastructure: === 1. Git repository 2. JIRA Argus 3. Gerrit for reviewing patches The existing code includes local host integration tests, so we would like a Jenkins instance to run them whenever a new patch is submitted. == Initial Committers == * Balaji Ganesan (bganesan at hortonworks.com) * Dilli Arumugam (darumugam at hortonworks.com) * Don Bosco Durai (bdurai at hortonworks.com) * Kevin Minder (kminder at apache.org) * Larry McCay (lmccay at apache.org) * Madhanmohan Neethiraj (mneethiraj at hortonworks.com) * Owen O’Malley (omalley at apache.org) * Ramesh Mani (rmani at hortonworks.com) * Sanjay Radia (sradia at apache.org) * Selvamohan Neethiraj (sneethiraj at hortonworks.com) == Affiliations == * Balaji Ganesan - Hortonworks * Dilli Arumugam - Hortonworks * Don Bosco Durai - Hortonworks * Kevin Minder - Hortonworks * Larry McCay - Hortonworks * Madhanmohan Neethiraj - Hortonworks * Owen O’Malley - Hortonworks * Ramesh Mani - Hortonworks * Sanjay Radia - Hortonworks * Selvamohan Neethiraj - Hortonworks == Sponsors == === Champion: === * Owen O’Malley (omalley at apache.org) - Hortonworks === Nominated Mentors: === * Alan Gates - Hortonworks * Devaraj Das - Hortonworks * Jakob Homan - LinkedIn * Owen O’Malley - Hortonworks === Sponsoring Entity === Incubator PMC -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.