In the "easy" path, you're neglecting the lack of standardization in the "attach/upload" step. Lars elsethread brought up a useful ASF blog post: The ASF didn't decommission it's own git repos, just some of the tooling we used to mirror between our repos and GitHub. If GitHub went away overnight, the ASF would still have all our own code and could keep working with our own build tools and plain old `git`. So GitHub is merely one way that Apache projects can choose to allow users to contribute. The ASF hosts it's own Git repos with all auditable history. Many projects still use our Subversion repo(s) too. It took a while, but Apache infra now allows that, as long as the repos are in our organization. Many Apache projects asked to use GitHub. ![]() In particular, there is an expectation that Apache project communities continue to do much of their community and release management on ASF servers, not solely on GitHub. The ASF is vendor-neutral about all of it's operations. The announcement is only about technology, there's no "partnership" between the ASF and GitHub. Given that I find ASF has always been very moral with their fundraising and careful with their money (unlike a couple other major non-profits I happily would name in any other context), as disappointed as I am with this decision, it is difficult for me to blame them for making it: git is extremely difficult to scale correctly (due to its reliance on interactive protocols), which led Google Code and then GitHub to rewrite large portions of it (of course, as closed source internal-only this-is-our-competitive-advantage projects) when you are a small non-profit, knowing that you would have 5x the resources for staffing if you just swapped out some mere tooling has got to be a really really tough choice for something that isn't quite your core moral (as it would be with say, the FSF). (“Using a simple growth forecast to project expenses and effective governance and mentoring to ensure that using externally provided services does not in any way present barriers to entry to projects or reduce transparency, inclusiveness and diversity.”) > The report noted that, given burgeoning costs, encouraging the use of more externally provided services was its best option. > The foundation’s 2018 five-year strategic plan noted that infrastructure services account for more than 80 percent of the total ASF expense budget, adding: “Increasingly, project communities have infrastructure requirements that strain the capabilities of the ASF.” Ranger 0.4.Apparently, one of the big motivating reasons for this was "cost".ssl_cipher_list = "DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2" (default).ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3).line 1670 of /usr/lib/hue/desktop/core/src/desktop/lib/wsgiserver.py.Hive 1.0 Adds SSLv2Hello back to supported protocols.Hive 0.14 Removes SSLv3 from supported protocols.Hadoop 2.5.2 + 2.6 Disables SSLv3 in HTTPFS.Hadoop 2.5.2 + 2.6 Patches Jetty to disable SSLv3.Hadoop 2.8 Patches SSLFactory for TLSv1.1 and TLSv1.2. ![]() (JDK6 can use TLSv1, JDK7+ can use TLSv1,TLSv1.1,TLSv1.2).Hadoop 2.5.2 + 2.6 Patches SSLFactory for TLSv1. ![]() Openssl s_client ‐connect HOST:PORT ‐ssl3Ĭurl ‐v3 ‐i ‐X HEAD Configuring Hadoop for Cipher Suites and ProtocolsĮach Hadoop component must be configured or have the proper version to disable certain SSL protocols and versions. # Requires a relatively recent version of openssl installed canicreatekeystorefromanexistingcertificateabccrtandabckeyfil.SSL vs TLS: thedifferencebetweenssltlsandhttps.SSL Linux certificate location: certificatelocationonunixlinux.No guarantee they are up to date but it helps to have references in one place. Below is a collection of TLS/SSL related references. I was consulting when the POODLE and Heartbleed vulnerabilities were released. Most of them are related to Apache Hadoop, but others are more general. I’ve collected notes on TLS/SSL for a number of years now.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |