hadoop-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Holsman <had...@holsman.net>
Subject Re: [DISCUSS] Hadoop Security Release off Yahoo! patchset
Date Fri, 14 Jan 2011 14:14:41 GMT
(with my Apache hat on)
I'm -0.5 on doing this as one big mega-patch and not including append (as opposed to a series
of smaller patches).

for the following reasons:

1. It encourages bad behavior. We want discussion (and development) to happen on the lists,
not in some office. By allowing these large code-dumps it condones this behavior, and we will
likely see it again and again. Like it or not, this is not the apache model of open source

2. There is a risk that some code that is not in a JIRA or separate patch creeps in unwittingly.
This isn't a major deal per se, but we don't really have the proper paper trail, or the documentation
on what bug it fixed etc etc.

3. Other groups (Facebook for example) are running with their own set of patches. They currently
have the luxury of examining each individual patch to decide if they want to integrate it
(and test it) in their environment. We are forcing them to do the work of finding the bits
they want in this huge patch.

4. By not including the append patch, we are making this release unusable for a large portion
of our community who run hbase.

5. It makes it very hard to test. While It makes me comfortable that it has gone through Yahoo!'s
QA and is running in their environments, it doesn't mean that it will work in other organizations
who have different workload mixes and software running on them. With one huge patch it makes
it all or nothing.. either they take the code-drop and perform a large QA-integration effort,
or they forgo the whole patch together.

**BUT** we have both the Yahoo! & Cloudera guys happy to do it, and to spend their time
doing it.. so I think having the code-drop will put us in a better place then where we are.

BTW, I'd like to point out a discrepancy here:

On another thread discussing hadoop-0.20-append as a separate branch, most people agreed that
new features shouldn't be added to 0.20, now we have a major feature and we are all gung ho
for it.. 


On Jan 14, 2011, at 2:21 AM, Arun C Murthy wrote:

> On Jan 13, 2011, at 10:59 PM, Stack wrote:
>> (Man, it was looking good there for a second when 0.20.100 was about
>> security+append!)
>> Good luck w/ the release Arun.
> Thanks!
>> We might be following your 0.20.100 with a 0.20.200 append.
> Super!
> Arun

View raw message