Return-Path: X-Original-To: apmail-hadoop-common-dev-archive@www.apache.org Delivered-To: apmail-hadoop-common-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 64BE8113D7 for ; Fri, 8 Aug 2014 21:28:05 +0000 (UTC) Received: (qmail 26061 invoked by uid 500); 8 Aug 2014 21:28:03 -0000 Delivered-To: apmail-hadoop-common-dev-archive@hadoop.apache.org Received: (qmail 25951 invoked by uid 500); 8 Aug 2014 21:28:02 -0000 Mailing-List: contact common-dev-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-dev@hadoop.apache.org Delivered-To: mailing list common-dev@hadoop.apache.org Received: (qmail 25930 invoked by uid 99); 8 Aug 2014 21:28:02 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Aug 2014 21:28:02 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of andrew.wang@cloudera.com designates 209.85.213.176 as permitted sender) Received: from [209.85.213.176] (HELO mail-ig0-f176.google.com) (209.85.213.176) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Aug 2014 21:27:58 +0000 Received: by mail-ig0-f176.google.com with SMTP id hn18so1686647igb.9 for ; Fri, 08 Aug 2014 14:27:37 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=2mGPaDdmaquZ7h3NqWe1ALWHnFsFjGT8QpstaZYmGzw=; b=WGYNYhLQkR+Ua8GKie8kCGEOhd8WKmUVztFaAKD2e2n0XztNDIt77dxfyiBGlQ0gf4 JvAvJ/hjXQ5l/ViWgFu6WcnYon5z15v3vZ90knYXasf565fZAOGwoTsBgU2iIa23LgKl kfuINwnqRKoA8O5PJsd8MSrtxVwPmuSgBmUCcyn4RScSj8En5ighAv1H5VAS7eHYUbcQ KnqXqsc/zSvd7Qmq1/x86F6dvogPPzQ8v0DHSHU+am0qgNe0ilfR4fke/5ysrMj2Zq9X BUkisOquysBnHGrWEpGDplHzOXLGJ0UtGql5gLvv/cS209QpQbLY3eebhhRFD8mDazFw yLQQ== X-Gm-Message-State: ALoCoQmnSL2FU/5HyEq0ACFkhHQMITjoTKskgn6Tb2L1tLy5NqV+r5tX3Tno5Rwxq2A0CVTtonFt X-Received: by 10.50.126.100 with SMTP id mx4mr8825662igb.1.1407533257673; Fri, 08 Aug 2014 14:27:37 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.14.208 with HTTP; Fri, 8 Aug 2014 14:27:17 -0700 (PDT) In-Reply-To: References: From: Andrew Wang Date: Fri, 8 Aug 2014 14:27:17 -0700 Message-ID: Subject: Re: [VOTE] Merge fs-encryption branch to trunk To: "common-dev@hadoop.apache.org" , "hdfs-dev@hadoop.apache.org" Content-Type: multipart/alternative; boundary=047d7b3a9604d58eac050024df36 X-Virus-Checked: Checked by ClamAV on apache.org --047d7b3a9604d58eac050024df36 Content-Type: text/plain; charset=UTF-8 I should add that this vote will run for the standard 7 days for a non-release vote, so will close at 12PM Pacific on August 15th. On Fri, Aug 8, 2014 at 11:45 AM, Andrew Wang wrote: > Hi all, > > I'd like to call a vote to merge the fs-encryption branch to trunk. > Development of this feature has been ongoing since March on HDFS-6134 and > HADOOP-10150, totally approximately 50 commits. > > The fs-encryption branch introduces support for transparent, end-to-end > encryption within an "encryption zone". Each file stored within an > encryption zone is automatically encrypted and decrypted with a unique key. > These per-file keys are encrypted with an encryption key only accessible by > the client, ensuring that only the client is able to decrypt sensitive > data. Furthermore, there is support for native, hardware-accelerated AES > encryption. For further details, please see the design doc on HDFS-6134. > > In terms of merge readiness, we've posted some successful consolidated > patches to the JIRA for Jenkins runs. distcp and fs -cp support has also > recently been completed, allowing users to securely copy encrypted files > without first decrypting them. There is ongoing work to add support for > WebHDFS, HttpFS, and other alternative access methods. Stephen Chu has also > posted a test plan, and has already identified a few issues that have been > fixed. > > Design and development of this feature was also a cross-company effort > with many different contributors. > > I'd like to thank Charles Lamb, Yi Liu, Uma Maheswara Rao G, Colin McCabe, > and Juan Yu for their code contributions and reviews. Alejandro Abdelnur > was also instrumental, doing a lot of the design work and as well as > writing most of the Hadoop Key Mangement Server (KMS). Finally, I'd like to > thank everyone who gave feedback on the JIRAs. This includes Owen, Sanjay, > Larry, Mike Y, ATM, Todd, Nicholas, and Andy, among others. > > With that, here's my +1 to merge this to trunk. > > Thanks, > Andrew > --047d7b3a9604d58eac050024df36--