Posted to dev@orc.apache.org by Owen O'Malley <ow...@gmail.com> on 2017/12/01 21:40:33 UTC

[PROPOSAL] Creating security list for ORC

All,
   I think as we add column encryption in ORC-14, we'll need to start
handling security issues. I think it would be good to create a security
list and policy before we need it.

Thoughts?

.. Owen

Re: [PROPOSAL] Creating security list for ORC

Posted by Owen O'Malley <ow...@gmail.com>.
Ok, I've gone ahead and filed the jira.

https://issues.apache.org/jira/browse/INFRA-16354

Thanks,
   Owen

On Wed, Apr 11, 2018 at 8:43 AM, Alan Gates <al...@gmail.com> wrote:

> Makes sense.  +1 to adding a security list, especially since it ties in
> with security@apache.org.
>
> Alan.

Re: [PROPOSAL] Creating security list for ORC

Posted by Alan Gates <al...@gmail.com>.
Makes sense.  +1 to adding a security list, especially since it ties in
with security@apache.org.

Alan.

On Wed, Apr 11, 2018 at 7:40 AM, Owen O'Malley <ow...@gmail.com>
wrote:

> The biggest advantage is that email to security@TLP.apache.org is
> automatically forwarded to security@apache.org allowing them to track the
> issues.
>
> It also allows the project to include committers who aren't PMC members on
> the list and makes it easier to search your email for the relevant
> problems.
>
> Thanks,
>    Owen

Re: [PROPOSAL] Creating security list for ORC

Posted by Owen O'Malley <ow...@gmail.com>.
The biggest advantage is that email to security@TLP.apache.org is
automatically forwarded to security@apache.org allowing them to track the
issues.

It also allows the project to include committers who aren't PMC members on
the list and makes it easier to search your email for the relevant problems.

Thanks,
   Owen

On Tue, Apr 10, 2018 at 1:56 PM, Matt Burgess <ma...@apache.org> wrote:

> Alan,
>
> We have a separate security list on the NiFi PMC, and it is mostly for
> opt-in and for localizing the archive so you can quickly search for
> security stuff on the security list and not see it all show up on the
> private list. There tends to be a decent amount of discussion around
> security issues that can clutter the private list. Not making a
> recommendation here, just sharing what I know :)
>
> Regards,
> Matt

Re: [PROPOSAL] Creating security list for ORC

Posted by Matt Burgess <ma...@apache.org>.
Alan,

We have a separate security list on the NiFi PMC, and it is mostly for
opt-in and for localizing the archive so you can quickly search for
security stuff on the security list and not see it all show up on the
private list. There tends to be a decent amount of discussion around
security issues that can clutter the private list. Not making a
recommendation here, just sharing what I know :)

Regards,
Matt


On Tue, Apr 10, 2018 at 4:01 PM, Alan Gates <al...@gmail.com> wrote:
> What's the benefit of having this separate from the private list?
>
> Alan.

Re: [PROPOSAL] Creating security list for ORC

Posted by Alan Gates <al...@gmail.com>.
What's the benefit of having this separate from the private list?

Alan.

On Tue, Apr 10, 2018 at 11:15 AM, Owen O'Malley <ow...@gmail.com>
wrote:

> I'd like to move forward on this. Any comments?

Re: [PROPOSAL] Creating security list for ORC

Posted by Owen O'Malley <ow...@gmail.com>.
I'd like to move forward on this. Any comments?

On Fri, Dec 1, 2017 at 1:40 PM, Owen O'Malley <ow...@gmail.com>
wrote:

> All,
>    I think as we add column encryption in ORC-14, we'll need to start
> handling security issues. I think it would be good to create a security
> list and policy before we need it.
>
> Thoughts?
>
> .. Owen
>