You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@kafka.apache.org by Anatoliy Sokolenko <an...@sokolenko.me> on 2016/02/22 19:07:33 UTC

Kafka Security quality level in 0.9.0.1

Hi,

Does recently released Kafka 0.9.0.1 have final release of security features, initiated in 0.9.0.0 or it is still should be considered beta quality?
I’m asking because Cloudera recently send an announcement of their parcel release that promotes Kafka security features and does not mention that it’s not production ready. Their blog slipped this fact as well (http://blog.cloudera.com/blog/2016/02/whats-new-in-clouderas-distribution-of-apache-kafka). While official documentation at http://kafka.apache.org/documentation.html#security still refers to Kafka 0.9.0.0.

If it is still beta in 0.9.0.1, is it fair to assume that stable security features should be available with 0.10.0.0 release in Q2 2016?

Thank you, 
Anatoliy

Re: Kafka Security quality level in 0.9.0.1

Posted by Ismael Juma <is...@juma.me.uk>.

Hi Anatoliy,

We labelled 0.9.0.0 as beta as it's a lot of new code and we want to:

1. Give our users a chance to test it and give us feedback
2. Do additional testing ourselves

0.9.0.1 has fixes for all the security issues we became aware of after the
0.9.0.0 release, but we haven't removed the beta label. Note that it
doesn't mean it's not stable, we just want our users to be aware that these
features are new and users should proceed with caution. Having said that,
we encourage our users to test these features if they are able to.

I can't talk for Cloudera, but feel free to compare their branch with the
Apache one:

https://github.com/apache/kafka/tree/0.9.0.1
https://github.com/cloudera/kafka/tree/cdh5-0.9.0_2.0.0

I quickly skimmed through the commits on their branch and they _seem_ to be
cherry-picked from Apache Kafka (with the exception of build and version
number changes).

I hope it helps.

Ismael

On Mon, Feb 22, 2016 at 10:07 AM, Anatoliy Sokolenko <an...@sokolenko.me>
wrote:

> Hi,
>
> Does recently released Kafka 0.9.0.1 have final release of security
> features, initiated in 0.9.0.0 or it is still should be considered beta
> quality?
> I’m asking because Cloudera recently send an announcement of their parcel
> release that promotes Kafka security features and does not mention that
> it’s not production ready. Their blog slipped this fact as well (
> http://blog.cloudera.com/blog/2016/02/whats-new-in-clouderas-distribution-of-apache-kafka). While
> official documentation at
> http://kafka.apache.org/documentation.html#security still refers to Kafka
> 0.9.0.0.
>
> If it is still beta in 0.9.0.1, is it fair to assume that stable security
> features should be available with 0.10.0.0 release in Q2 2016?
>
> Thank you,
> Anatoliy
>