Posted to mapreduce-dev@hadoop.apache.org by Todd Lipcon <to...@cloudera.com> on 2011/09/30 18:46:24 UTC

Opinions on MAPREDUCE-2980: Jetty "6.1.26.1" for 0.20-security

Quick summary of the issue: on many clusters running at scale, we've
seen the upgrade from Jetty 6.1.14 to 6.1.26 to cause a much higher
incidence of fetch failures and other related bugs. Unfortunately
downgrading back to 6.1.14 is unacceptable since it introduces
security holes. The Jetty folks don't have a particular timeline for
their next release, so I have prepared a patched Jetty with their
help. The source is available on my GitHub and there's a binary
artifact in Cloudera's Maven repository as well.

The question is whether the community thinks it would be a good idea
to depend on this "6.1.26.1" Jetty for 0.20-security until we have a
new upstream Jetty release that addresses the issue. We plan to ship
CDH with the fixed Jetty, and now have some customers moving this
version to production as well.

While I think it's unfortunate to have to ship a non-standard patch, I
think it's the best option as an interim solution to this critical MR
issue.

Please comment on MAPREDUCE-2980.

Thanks
-Todd
-- 
Todd Lipcon
Software Engineer, Cloudera