Conversation
|
Preview URL: https://pitrou.github.io/arrow-site If the preview URL doesn't work, you may forget to configure your fork repository for preview. |
pitrou
force-pushed
the
security-model
branch
2 times, most recently
from
448ff93 to
c3e008c
Compare
pitrou
force-pushed
the
security-model
branch
from
c3e008c to
c3db7b6
Compare
|
@alamb @amoeba @paleolimbot Thoughts about this? |
|
Also cc @raboof |
amoeba
left a comment
amoeba
left a comment
There was a problem hiding this comment.
Looks good. I had a few editorial comments.
Co-authored-by: Bryce Mecum <petridish@gmail.com>
Co-authored-by: Bryce Mecum <petridish@gmail.com>
Co-authored-by: Bryce Mecum <petridish@gmail.com>
Co-authored-by: Bryce Mecum <petridish@gmail.com>
Co-authored-by: Bryce Mecum <petridish@gmail.com>
| date: "2023-11-09 00:00:00" | ||
| author: pmc | ||
| categories: [release] | ||
| categories: [release, security] |
There was a problem hiding this comment.
Is the rationale for this to be marked with security related to the fact that this release was only a security fix?
This release contains a single security fix for PyArrow. Other implementations
|
|
||
| First, please carefully read the Apache Arrow | ||
| [Security Model](https://arrow.apache.org/docs/dev/format/Security.html) | ||
| and understand its implications, as some apparent security issues can actually |
There was a problem hiding this comment.
It might make sense here to explicitly list untrusted sources as I think that is the core potential attack vector that has been highlighted several times
Something like
| and understand its implications, as some apparent security issues can actually | |
| and understand its implications for untrusted data sources, as some apparent security issues can actually |
| --> | ||
|
|
||
| We are thrilled to announce the official publication of a | ||
| [Security Model](https://arrow.apache.org/docs/dev/format/Security.html) for Apache Arrow. |
There was a problem hiding this comment.
Maybe it is a delay, but this page does not seem to exist (yet?): https://arrow.apache.org/docs/dev/format/Security.html
There was a problem hiding this comment.
This will be available in the next nightly document update.
There was a problem hiding this comment.
It's still not found, I assume perhaps the docs failed building? Where does that happen?
There was a problem hiding this comment.
There are two different scheduled jobs that deploy the dev jobs one in this repo which picks the artifact built from the crossbow repo and deploys:
https://github.com/apache/arrow-site/actions/runs/21734214349/job/62695565423
And one on the crossbow repo that builds the docs:
https://github.com/ursacomputing/crossbow/actions/runs/21694339931/job/62561239884
Last deploy picked the build docs job from 2 days ago, so we might have to wait until the next one. Jobs seem successful.
We could try to align the timing a little more so we don't have to wait ~48 hours to see the dev docs deployed.
There was a problem hiding this comment.
That's a weird setup, is it out of necessity?
There was a problem hiding this comment.
Of course it's not horrible to have to wait 48 hours, it's just a bit surprising. I also wonder how we know when things failed for some reason.
There was a problem hiding this comment.
I also wonder how we know when things failed for some reason.
For the build docs is the nightly job, we get both an email and a zulip message on the nightlies stream.
For the deployment on the arrow-site I don't think we have any notification set-up. At least I'm not aware.
There was a problem hiding this comment.
That's a weird setup, is it out of necessity?
Probably not but is fair to say that is what's closer to our release/deployment setup. We use the same nightly job's workflow to build the release docs, download the .tar.gz and push those docs.
| @@ -0,0 +1,46 @@ | |||
| --- | |||
| layout: post | |||
| title: "Introducing a Security Model for Arrow" | |||
There was a problem hiding this comment.
Upon reflection, I am not sure what we have written is really a security "model" , in that it doesn't seem to be a formal scheme for applying security policies. I would say what we have written is more like "Security Best Practices" or a Trust Model (aka what should be trusted)
perhaps @raboof could help us here with the correct terminology for this concept (maybe it is Security Model)
Also, perhaps we should emphasize we are not (really) introducing a new model, instead in my mind we have instead formalized what was previously implicit. Perhaps a title such as
"Introducing Security Best Practices for Apache Arrow"
Would emphasize this better
There was a problem hiding this comment.
What we have here is more like how the ASF defines it rather than what Wikipedia makes it sound like. I don't have any issues with the current language but also have no experience in this field.
There was a problem hiding this comment.
Thanks -- that is a good reference. I agree per the ASF definition we have defined a security model and thus the current PR content / title is good
paleolimbot
left a comment
paleolimbot
left a comment
There was a problem hiding this comment.
I took a read through and the text is great. Thank you for working on this!
6 participants
TODO: