Return-Path: X-Original-To: apmail-hbase-dev-archive@www.apache.org Delivered-To: apmail-hbase-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4644F96E7 for ; Thu, 26 Jan 2012 20:30:32 +0000 (UTC) Received: (qmail 88454 invoked by uid 500); 26 Jan 2012 20:30:31 -0000 Delivered-To: apmail-hbase-dev-archive@hbase.apache.org Received: (qmail 88351 invoked by uid 500); 26 Jan 2012 20:30:31 -0000 Mailing-List: contact dev-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hbase.apache.org Delivered-To: mailing list dev@hbase.apache.org Received: (qmail 88343 invoked by uid 99); 26 Jan 2012 20:30:30 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 26 Jan 2012 20:30:30 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of ghelmling@gmail.com designates 209.85.215.41 as permitted sender) Received: from [209.85.215.41] (HELO mail-lpp01m010-f41.google.com) (209.85.215.41) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 26 Jan 2012 20:30:25 +0000 Received: by lagw12 with SMTP id w12so792397lag.14 for ; Thu, 26 Jan 2012 12:30:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=NqMMgB+KD3MB3RSzPC0mLP5rqntTo9FogxFHUzVnTas=; b=l5uKJlaOBZ3SbSlVA0SHs7P2NlCd8n53aUJkMQnCx652nuqJOCZyqRl9xG1CQntN51 JZAXPHRd3EM43Qz7GebSh+Ko/bqaSOKIUKLecxXlp3qIj47Xgn9NEZKD8NImSs9iBXyf 8oC2THqkTMN1j3qnBAfpLNwY2+C2p7t6zW6ik= MIME-Version: 1.0 Received: by 10.112.27.65 with SMTP id r1mr1078867lbg.33.1327609804238; Thu, 26 Jan 2012 12:30:04 -0800 (PST) Received: by 10.112.38.99 with HTTP; Thu, 26 Jan 2012 12:30:04 -0800 (PST) In-Reply-To: References: <1327606778.87256.YahooMailNeo@web164517.mail.gq1.yahoo.com> <1327607446.66036.YahooMailNeo@web164513.mail.gq1.yahoo.com> Date: Thu, 26 Jan 2012 12:30:04 -0800 Message-ID: Subject: Re: No security sources in 0.92.0 release tarballs. From: Gary Helmling To: dev@hbase.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Jon, Thanks for spotting it. I'll pick it up. Assuming this means changes to src/assembly/all.xml... I'll read up on the assembly plugin in. --gh On Thu, Jan 26, 2012 at 12:15 PM, Jonathan Hsieh wrote: > Andrew, Gary, > > Sorry, I should have written the initial message a little more clearly, b= ut > Gary's clarification is spot on. > > I've filed it as a 0.94 and 0.92.1 blocker. > https://issues.apache.org/jira/browse/HBASE-5288 > > Can one of you guys pick it up the fix for this? > > Jon. > > On Thu, Jan 26, 2012 at 11:50 AM, Andrew Purtell wro= te: > >> So I reread this and I probably misunderstood for a moment what Jon was >> saying. >> >> I mentioned this in another email last week, regardless it is important = to >> tag security as alpha and anyone who wants to seriously use it for more >> than just secure RPC is going to need to patch with HBASE-5195. >> >> So I presume 5195 and the sources will appear in 0.92.1. >> >> >> Best regards, >> >> =A0 =A0 - Andy >> >> Problems worthy of attack prove their worth by hitting back. - Piet Hein >> (via Tom White) >> >> >> ----- Original Message ----- >> > From: Andrew Purtell >> > To: "dev@hbase.apache.org" >> > Cc: >> > Sent: Thursday, January 26, 2012 11:39 AM >> > Subject: Re: No security sources in 0.92.0 release tarballs. >> > >> > Can't believe I missed that. I haven't been paying enough attention to >> > upstream. >> > >> > >> > However, this isn't the worst thing that could have happened, without >> > HBASE-5195 in the upstream sources security isn't going to adequately >> > protect Gets. Also there is a shell nit to fix (HBASE-5265). >> > >> > >> > Put it 0.94. No problem. It wouldn't be unreasonable to consider >> > coprocessors more baked than security in upstream. >> > >> > >> > Best regards, >> > >> > =A0 =A0 - Andy >> > >> > Problems worthy of attack prove their worth by hitting back. - Piet He= in >> (via >> > Tom White) >> > >> > >> > >> >> ________________________________ >> >> =A0From: Jonathan Hsieh >> >> To: dev@hbase.apache.org >> >> Sent: Thursday, January 26, 2012 11:29 AM >> >> Subject: No security sources in 0.92.0 release tarballs. >> >> >> >> Ugh, it looks like we all missed that 0.92.0 release tarballs (both >> >> security compile and normal) do not contain any of the source of the >> >> security work. >> >> >> >> Jon. >> >> >> >> -- >> >> // Jonathan Hsieh (shay) >> >> // Software Engineer, Cloudera >> >> // jon@cloudera.com >> >> >> >> >> >> >> > >> > > > > -- > // Jonathan Hsieh (shay) > // Software Engineer, Cloudera > // jon@cloudera.com