Announce Arrow security model #753
Conversation
|
Preview URL: https://pitrou.github.io/arrow-site If the preview URL doesn't work, you may forget to configure your fork repository for preview. |
pitrou
force-pushed
the
security-model
branch
2 times, most recently
from
448ff93 to
c3e008c
Compare
pitrou
force-pushed
the
security-model
branch
from
c3e008c to
c3db7b6
Compare
|
@alamb @amoeba @paleolimbot Thoughts about this? |
|
Also cc @raboof |
amoeba
left a comment
amoeba
left a comment
There was a problem hiding this comment.
Looks good. I had a few editorial comments.
Co-authored-by: Bryce Mecum <petridish@gmail.com>
Co-authored-by: Bryce Mecum <petridish@gmail.com>
Co-authored-by: Bryce Mecum <petridish@gmail.com>
Co-authored-by: Bryce Mecum <petridish@gmail.com>
Co-authored-by: Bryce Mecum <petridish@gmail.com>
| date: "2023-11-09 00:00:00" | ||
| author: pmc | ||
| categories: [release] | ||
| categories: [release, security] |
There was a problem hiding this comment.
Is the rationale for this to be marked with security related to the fact that this release was only a security fix?
This release contains a single security fix for PyArrow. Other implementations
There was a problem hiding this comment.
Sorry for not answering earlier. Yes, that is the rationale. I don't know if that is a good idea as we have not been announcing security fixes consistently on the blog.
There was a problem hiding this comment.
Anyway, we can remove this keyword later so it should probably not block this PR.
There was a problem hiding this comment.
I agree -- if it turns out to be a problem we can remove the keyword
security.md
Outdated
|
|
||
| First, please carefully read the Apache Arrow | ||
| [Security Model](https://arrow.apache.org/docs/dev/format/Security.html) | ||
| and understand its implications, as some apparent security issues can actually |
There was a problem hiding this comment.
It might make sense here to explicitly list untrusted sources as I think that is the core potential attack vector that has been highlighted several times
Something like
| and understand its implications, as some apparent security issues can actually | |
| and understand its implications for untrusted data sources, as some apparent security issues can actually |
There was a problem hiding this comment.
Thanks for the suggestion, that seems like a good idea.
| @@ -0,0 +1,46 @@ | |||
| --- | |||
| layout: post | |||
| title: "Introducing a Security Model for Arrow" | |||
There was a problem hiding this comment.
Upon reflection, I am not sure what we have written is really a security "model" , in that it doesn't seem to be a formal scheme for applying security policies. I would say what we have written is more like "Security Best Practices" or a Trust Model (aka what should be trusted)
perhaps @raboof could help us here with the correct terminology for this concept (maybe it is Security Model)
Also, perhaps we should emphasize we are not (really) introducing a new model, instead in my mind we have instead formalized what was previously implicit. Perhaps a title such as
"Introducing Security Best Practices for Apache Arrow"
Would emphasize this better
There was a problem hiding this comment.
What we have here is more like how the ASF defines it rather than what Wikipedia makes it sound like. I don't have any issues with the current language but also have no experience in this field.
There was a problem hiding this comment.
Thanks -- that is a good reference. I agree per the ASF definition we have defined a security model and thus the current PR content / title is good
paleolimbot
left a comment
paleolimbot
left a comment
There was a problem hiding this comment.
I took a read through and the text is great. Thank you for working on this!
|
Thanks again for getting this published @pitrou |
|
The blog is live here in case anyone is looking for it: https://arrow.apache.org/blog/2026/02/09/arrow-security-model/ |
6 participants
Uh oh!
There was an error while loading. Please reload this page.