lucene-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Muir (Jira)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-13989) Move all hadoop related code to a contrib module
Date Tue, 03 Dec 2019 03:54:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-13989?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16986584#comment-16986584
] 

Robert Muir commented on SOLR-13989:
------------------------------------

Actually I think a good long-term issue would be to remove the security hacks in hadoop? I
tried to document these fairly clearly:

https://github.com/apache/lucene-solr/blob/1d238c844e45f088a942aec14750c186c7a66d92/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java#L60

Basically, I think this code was written around java 1.SMALL times, and needs to be upgraded.
Its crazy for hadoop libraries to act like a giant shell script when java.nio gives you access
to things like FileStore and so on for clean access to all these apis, as of java 7. It is
literally just work. This is how the security story goes :)

For every one of these hacks we can remove, we can simplify our security stance and hadoop
becomes less of an obstacle. Not just for us, but for any downstream project.

In many cases (please see my comments, happy to elaborate if needed), it is literally just
as simply as handling a SecurityException from calling code!!!!!

> Move all hadoop related code to a contrib module
> ------------------------------------------------
>
>                 Key: SOLR-13989
>                 URL: https://issues.apache.org/jira/browse/SOLR-13989
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Hadoop Integration
>            Reporter: Shalin Shekhar Mangar
>            Priority: Major
>             Fix For: master (9.0)
>
>
> Spin off from SOLR-13986:
> {quote}
> It seems really important to move or remove this hadoop shit out of the solr core: It
is really unreasonable that solr core depends on hadoop. that's gonna simply block any progress
improving its security, because solr code will get dragged down by hadoop's code.
> {quote}
> We should move all hadoop related dependencies to a separate contrib module



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org


Mime
View raw message