Return-Path: Delivered-To: apmail-hadoop-general-archive@minotaur.apache.org Received: (qmail 23356 invoked from network); 14 Jan 2011 02:13:20 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 14 Jan 2011 02:13:20 -0000 Received: (qmail 68181 invoked by uid 500); 14 Jan 2011 02:13:19 -0000 Delivered-To: apmail-hadoop-general-archive@hadoop.apache.org Received: (qmail 68129 invoked by uid 500); 14 Jan 2011 02:13:18 -0000 Mailing-List: contact general-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: general@hadoop.apache.org Delivered-To: mailing list general@hadoop.apache.org Received: (qmail 68121 invoked by uid 99); 14 Jan 2011 02:13:18 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Jan 2011 02:13:18 +0000 X-ASF-Spam-Status: No, hits=0.7 required=10.0 tests=RCVD_IN_DNSWL_NONE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [216.145.54.173] (HELO mrout3.yahoo.com) (216.145.54.173) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Jan 2011 02:13:13 +0000 Received: from walkduty-lm.corp.yahoo.com (walkduty-lm.corp.yahoo.com [10.72.104.13]) by mrout3.yahoo.com (8.13.8/8.13.8/y.out) with ESMTP id p0E2CW8L018122 for ; Thu, 13 Jan 2011 18:12:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=yahoo-inc.com; s=cobra; t=1294971152; bh=NUaSkJ32IHp7gG5Z1vequBMQ7gUYiJOqjrmeyisD+eA=; h=Message-Id:From:To:In-Reply-To:Content-Type: Content-Transfer-Encoding:Mime-Version:Subject:Date:References; b=qGFwJc/+W+5h8nd9zI9Zmr1YvrtreVQ9qOoQTEKgAst4qGN9J/8AFJVkK5KE4eU0Y OoK/O5dgoD21N1idRcFei6SPUgGPnroKR2hWR010xOTPXQpIP3kVB/YfR4Xu/omoOo pNQ+7RdIrP3+7ypwPkbSWtrB2ta4zH0/ELDjlatM= Message-Id: <74BDFA74-DB12-4109-89DF-B353FC7296C4@yahoo-inc.com> From: Arun C Murthy To: "general@hadoop.apache.org" In-Reply-To: Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v936) Subject: Re: [DISCUSS] Hadoop Security Release off Yahoo! patchset Date: Thu, 13 Jan 2011 18:12:32 -0800 References: <516684F5-0052-4381-805D-760B61DECB16@yahoo-inc.com> <366A9E58-5BD7-497D-9AE1-229959ED4065@apache.org> <18C5C999-4680-4684-BC55-A430C40FD746@yahoo-inc.com> <2A07F1E6-7096-493B-B92E-89938689DD50@yahoo-inc.com> <5CDDF962-5828-459F-87C3-5033EC21E9BF@mac.com> <075308A1-129B-4BF7-8924-C04EC6106D3E@yahoo-inc.com> <388582DF-FC85-49D1-A89C-1F36CE34A0E2@yahoo-inc.com> <04705B3C-49A9-46B3-8AA9-5673EFBDE544@yahoo-inc.com> X-Mailer: Apple Mail (2.936) On Jan 13, 2011, at 5:35 PM, Eli Collins wrote: > Given that Todd has already done the work to rebase the 0.20.104.3 > patch set on 0.20.2, and in a way that doesn't require one big change, > and his patch set includes branch20-append which the HBase guys want > an Apache release of wouldn't it make sense to go this route? What do > others think? Seems better to have one 0.20.100 release than multiple > ones for security and append. My concern around 0.20.104.3 is that it has serious security holes including a root exploit that we have since fixed. I'm sure you guys are aware of them, Todd has helped to fix some. The version I'm offering to push to the community has fixed all of them, *plus* the added benefit of several stability and performance fixes we have done since 20.104.3, almost 10 internal releases. This is a battle tested and hardened version which we have deployed on 40,000+ nodes. It is a significant upgrade on 0.20.104.3 which we never deployed. I'm pretty sure *some* users will find that valuable. ;) Also, I've offered to push individual patches as a background activity on a branch - that should suffice, no? Or, do you consider this a blocker? Again, my goal in this exercise is to get a stable, improved version of Hadoop into the hands of our users asap, and focus on 0.22 and beyond. thanks, Arun