Storm security feature branch.

[Bobby Evans <ev...@yahoo-inc.com>]

Originally I had planned to push the security features that we have been working on back into storm piece meal through many different JIRA linked under https://issues.apache.org/jira/browse/STORM-216.

This is proving to be rather difficult because the core of the changes were written quite a while ago, and pulling them back apart after up merging is a time consuming task.  I propose instead a feature branch in the main storm repository.  I would initially create the branch based on an up merged version of what is currently under

https://github.com/yahoo/incubator-storm/tree/security

The branch would only be merged back into master after 2 +1’s from committers, with my vote not counting as the “author", like any other pull request. However, because of its size and complexity I would expect leave it up for a minimum of 2 weeks.  I am very flexible on this if other feel they want more time or more commuters to sign off of it.   Alternatively I could do one really large pull request if that is preferable to a feature branch.

- Bobby

Re: Storm security feature branch.

["P. Taylor Goetz" <pt...@gmail.com>]

Thanks Bobby.

And as I mentioned earlier, I’m working on a Vagrant-based setup for creating a secure storm cluster (Kerberos, DNS, secure ZooKeeper, etc.) that should make it easier to setup and evaluate.

I hope to make that available in the next few days.

- Taylor

On May 21, 2014, at 12:14 PM, Bobby Evans <ev...@yahoo-inc.com> wrote:

> I just put up the security branch
> 
> https://github.com/apache/incubator-storm/tree/security
> 
> And a pull request for the security branch
> 
> https://github.com/apache/incubator-storm/pull/121
> 
> If others would like to play around with it that would be great the
> SECURITY.md file has been updated with documentation on how to set it up.
> If you run into any issues or areas where the documentation is unclear
> please comment on the pull request and I will update it.  I also plan to
> keep it in sync with master as much as possible.
> 
> - Bobby
> 
> 
> On 5/16/14, 6:14 PM, "P. Taylor Goetz" <pt...@gmail.com> wrote:
> 
>> Wow. ASF mail problems are still pretty pervasive. I got Derek's reply
>> but never got Bobby's original email.
>> 
>> Anyway I'm +1 for a branch and two weeks for review.
>> 
>> This work is not trivial to test and evaluate. I've been working on a
>> vagrant setup that has all the infrastructure needed to test this
>> (Kerberos server, keytab files, DNS, etc.). I will make that available
>> when it is complete, or at least workable. I can also make nightly builds
>> of that branch available to facilitate evaluation.
>> 
>> This is an important feature that a lot of companies are eager for.
>> 
>> Many thanks to Bobby, Derek, Andy, and Yahoo for their willingness to
>> contribute their work to the Storm community.
>> 
>> -Taylor
>> 
>> P.S. I'm CC'ing Bobby and Derek in case this doesn't make it through to
>> the list. Please forward to the list if you don't receive it through that
>> channel.
>> 
>> 
>>> On May 16, 2014, at 5:18 PM, Derek Dagit <de...@yahoo-inc.com> wrote:
>>> 
>>> +1 for the branch
>>> 
>>> I agree that at least two weeks should be given, considering the size
>>> of the changes.
>>> 
>>> Hopefully there would be more than two +1's before merging the branch
>>> to master.
>>> 
>>> -- 
>>> Derek
>>> 
>>>> On 5/12/14, 10:56, Bobby Evans wrote:
>>>> Originally I had planned to push the security features that we have
>>>> been working on back into storm piece meal through many different JIRA
>>>> linked under https://issues.apache.org/jira/browse/STORM-216.
>>>> 
>>>> This is proving to be rather difficult because the core of the changes
>>>> were written quite a while ago, and pulling them back apart after up
>>>> merging is a time consuming task.  I propose instead a feature branch
>>>> in the main storm repository.  I would initially create the branch
>>>> based on an up merged version of what is currently under
>>>> 
>>>> https://github.com/yahoo/incubator-storm/tree/security
>>>> 
>>>> The branch would only be merged back into master after 2 +1¹s from
>>>> committers, with my vote not counting as the ³author", like any other
>>>> pull request. However, because of its size and complexity I would
>>>> expect leave it up for a minimum of 2 weeks.  I am very flexible on
>>>> this if other feel they want more time or more commuters to sign off of
>>>> it.   Alternatively I could do one really large pull request if that is
>>>> preferable to a feature branch.
>>>> 
>>>> - Bobby

Re: Storm security feature branch.

[Bobby Evans <ev...@yahoo-inc.com>]

I just put up the security branch

https://github.com/apache/incubator-storm/tree/security

And a pull request for the security branch

https://github.com/apache/incubator-storm/pull/121

If others would like to play around with it that would be great the
SECURITY.md file has been updated with documentation on how to set it up.
If you run into any issues or areas where the documentation is unclear
please comment on the pull request and I will update it.  I also plan to
keep it in sync with master as much as possible.

- Bobby


On 5/16/14, 6:14 PM, "P. Taylor Goetz" <pt...@gmail.com> wrote:

>Wow. ASF mail problems are still pretty pervasive. I got Derek's reply
>but never got Bobby's original email.
>
>Anyway I'm +1 for a branch and two weeks for review.
>
>This work is not trivial to test and evaluate. I've been working on a
>vagrant setup that has all the infrastructure needed to test this
>(Kerberos server, keytab files, DNS, etc.). I will make that available
>when it is complete, or at least workable. I can also make nightly builds
>of that branch available to facilitate evaluation.
>
>This is an important feature that a lot of companies are eager for.
>
>Many thanks to Bobby, Derek, Andy, and Yahoo for their willingness to
>contribute their work to the Storm community.
>
>-Taylor
>
>P.S. I'm CC'ing Bobby and Derek in case this doesn't make it through to
>the list. Please forward to the list if you don't receive it through that
>channel.
>
>
>> On May 16, 2014, at 5:18 PM, Derek Dagit <de...@yahoo-inc.com> wrote:
>> 
>> +1 for the branch
>> 
>> I agree that at least two weeks should be given, considering the size
>>of the changes.
>> 
>> Hopefully there would be more than two +1's before merging the branch
>>to master.
>> 
>> -- 
>> Derek
>> 
>>> On 5/12/14, 10:56, Bobby Evans wrote:
>>> Originally I had planned to push the security features that we have
>>>been working on back into storm piece meal through many different JIRA
>>>linked under https://issues.apache.org/jira/browse/STORM-216.
>>> 
>>> This is proving to be rather difficult because the core of the changes
>>>were written quite a while ago, and pulling them back apart after up
>>>merging is a time consuming task.  I propose instead a feature branch
>>>in the main storm repository.  I would initially create the branch
>>>based on an up merged version of what is currently under
>>> 
>>> https://github.com/yahoo/incubator-storm/tree/security
>>> 
>>> The branch would only be merged back into master after 2 +1¹s from
>>>committers, with my vote not counting as the ³author", like any other
>>>pull request. However, because of its size and complexity I would
>>>expect leave it up for a minimum of 2 weeks.  I am very flexible on
>>>this if other feel they want more time or more commuters to sign off of
>>>it.   Alternatively I could do one really large pull request if that is
>>>preferable to a feature branch.
>>> 
>>> - Bobby
>>> 

Re: Storm security feature branch.

["P. Taylor Goetz" <pt...@gmail.com>]

Wow. ASF mail problems are still pretty pervasive. I got Derek's reply but never got Bobby's original email.

Anyway I'm +1 for a branch and two weeks for review.

This work is not trivial to test and evaluate. I've been working on a vagrant setup that has all the infrastructure needed to test this (Kerberos server, keytab files, DNS, etc.). I will make that available when it is complete, or at least workable. I can also make nightly builds of that branch available to facilitate evaluation.

This is an important feature that a lot of companies are eager for.

Many thanks to Bobby, Derek, Andy, and Yahoo for their willingness to contribute their work to the Storm community.

-Taylor

P.S. I'm CC'ing Bobby and Derek in case this doesn't make it through to the list. Please forward to the list if you don't receive it through that channel.


> On May 16, 2014, at 5:18 PM, Derek Dagit <de...@yahoo-inc.com> wrote:
> 
> +1 for the branch
> 
> I agree that at least two weeks should be given, considering the size of the changes.
> 
> Hopefully there would be more than two +1's before merging the branch to master.
> 
> -- 
> Derek
> 
>> On 5/12/14, 10:56, Bobby Evans wrote:
>> Originally I had planned to push the security features that we have been working on back into storm piece meal through many different JIRA linked under https://issues.apache.org/jira/browse/STORM-216.
>> 
>> This is proving to be rather difficult because the core of the changes were written quite a while ago, and pulling them back apart after up merging is a time consuming task.  I propose instead a feature branch in the main storm repository.  I would initially create the branch based on an up merged version of what is currently under
>> 
>> https://github.com/yahoo/incubator-storm/tree/security
>> 
>> The branch would only be merged back into master after 2 +1’s from committers, with my vote not counting as the “author", like any other pull request. However, because of its size and complexity I would expect leave it up for a minimum of 2 weeks.  I am very flexible on this if other feel they want more time or more commuters to sign off of it.   Alternatively I could do one really large pull request if that is preferable to a feature branch.
>> 
>> - Bobby
>> 

Re: Storm security feature branch.

[Derek Dagit <de...@yahoo-inc.com>]

+1 for the branch

I agree that at least two weeks should be given, considering the size of the changes.

Hopefully there would be more than two +1's before merging the branch to master.

-- 
Derek

On 5/12/14, 10:56, Bobby Evans wrote:
> Originally I had planned to push the security features that we have been working on back into storm piece meal through many different JIRA linked under https://issues.apache.org/jira/browse/STORM-216.
>
> This is proving to be rather difficult because the core of the changes were written quite a while ago, and pulling them back apart after up merging is a time consuming task.  I propose instead a feature branch in the main storm repository.  I would initially create the branch based on an up merged version of what is currently under
>
> https://github.com/yahoo/incubator-storm/tree/security
>
> The branch would only be merged back into master after 2 +1’s from committers, with my vote not counting as the “author", like any other pull request. However, because of its size and complexity I would expect leave it up for a minimum of 2 weeks.  I am very flexible on this if other feel they want more time or more commuters to sign off of it.   Alternatively I could do one really large pull request if that is preferable to a feature branch.
>
> - Bobby
>