Someone malicious would need physical access to my office to sign artifacts under my name. The same pubikey key is used for 2FA to github, for uploading artifacts and making the release.The latest GPG key (E7E4 26DF 6228 1B63 D679 6A81 950C C3E0 32B7 9CA2) actually lives on a yubikey for physical security the signing takes place there.My keys are published on the ASF committer keylist under my username.If I wanted to run anything on your systems, I'd be able to add the code into Hadoop itself. I am the Hadoop committer " stevel": I have nothing to gain by creating malicious versions of these binaries. Thanks Security: can you trust this release? These libs on Windows systems just to run Spark & similar locally, file a JIRA on Apache, then a PR against apache/hadoop. If someone wants to do some effort into cutting the need for Libs except in the special case that you are doing file permissions work. If you want more current binaries, please go there.ĭo note that given some effort it should be possible to avoid the Hadoop file:// classes (Local and RawLocal) to need the hadoop native I've been too busy with things to work on this for a long time, so I'm grateful for cdarlint to take up this work: If this works for you, no need for winutils at all! Status: Go to cdarlint/winutils for current artifacts (GlobalMentor Hadoop Bare Naked Local FileSystem).(Garret Wilson) has implemented a filesystem which can be used as a replacement for the classic FS, without the need for winutils Status November 10, 2022: Bare Nakes Local FS Used system so is isolated from driveby/email security attacks. These are built directly from the same git commit used to create the official ASF releases they are checked outĪnd built on a windows VM which is dedicated purely to testing Hadoop/YARN apps on Windows.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |