hadoop-general mailing list archives

From Arun C Murthy <...@yahoo-inc.com>
Subject Re: [DISCUSS] Hadoop Security Release off Yahoo! patchset
Date Fri, 14 Jan 2011 02:12:32 GMT

On Jan 13, 2011, at 5:35 PM, Eli Collins wrote:
> Given that Todd has already done the work to rebase the 0.20.104.3
> patch set on 0.20.2, and in a way that doesn't require one big change,
> and his patch set includes branch20-append which the HBase guys want
> an Apache release of, wouldn't it make sense to go this route?  What do
> others think? Seems better to have one 0.20.100 release than multiple
> ones for security and append.


My concern around 0.20.104.3 is that it has serious security holes  
including a root exploit that we have since fixed. I'm sure you guys  
are aware of them, Todd has helped to fix some.

The version I'm offering to push to the community has fixed all of  
them, *plus* the added benefit of several stability and performance  
fixes we have done since 20.104.3, almost 10 internal releases. This  
is a battle-tested and hardened version which we have deployed on
40,000+ nodes. It is a significant upgrade on 0.20.104.3 which we  
never deployed. I'm pretty sure *some* users will find that valuable. ;)

Also, I've offered to push individual patches as a background activity  
on a branch - that should suffice, no? Or, do you consider this a  
blocker?

Again, my goal in this exercise is to get a stable, improved version  
of Hadoop into the hands of our users asap, and focus on 0.22 and  
beyond.

thanks,
Arun
