hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Owen O'Malley" <omal...@apache.org>
Subject Re: Hadoop encryption module as Apache Chimera incubator project
Date Wed, 27 Jan 2016 19:31:16 GMT
On Wed, Jan 27, 2016 at 9:59 AM, Gangumalla, Uma <uma.gangumalla@intel.com>
wrote:

> I think Chimera goal is to enhance even for other use cases.


Naturally.


> For Hadoop, CTR mode should be enough today,


This isn't true. Hadoop should use better encryption for RPC and shuffle,
both of which should not use CTR.


> I think separate module and
> independent release is good idea but I am not so strong on the point to
> keep under Hadoop.


I believe encryption is becoming a core part of Hadoop. I think that moving
core components out of Hadoop is bad from a project management perspective.
To put it another way, a bug in the encryption routines will likely become
a security problem that security@hadoop needs to hear about. I don't think
adding a separate project in the middle of that communication chain is a
good idea. The same applies to data corruption problems, and so on...


> It may be good to keep at generalized place(As in the
> discussion, we thought that place could be Apache Commons).


Apache Commons is a collection of *Java* projects, so Chimera as a
JNI-based library isn't a natural fit. Furthermore, Apache Commons doesn't
have its own security list so problems will go to the generic
security@apache.org.

Why do you think that Apache Commons is a better home than Hadoop?

.. Owen

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message