>> We did not allow a backport of ADLS to branch-2.7 when it was released in >> 2.8.0. There were technical reasons-...
Ok, I'm clear now branch-2.7 is already in maintenance mode and allows none of new features to be included. >> Moreover, one should be able to use a jar compiled for 2.9 in a 2.7 cluster, >> so the value of releasing this module with 2.7.5 or 2.8.3 is questionable. This sounds a good suggestion as a workaround for 2.7. For 2.8, as I'm still wondering if 2.8.3 is the last 2.8 release or not. If it is, I agree; otherwise, putting it in branch-2.8 and releasing it along with some other nice things in 2.8.4 would still be desirable. I'm thinking 2.8 releases would be the next one of popular favorites after 2.7 in line with 3.x. It could be too early to stop it, sure that also depends on potential interests and takings as you said in previous emails. Very likely I'm missed in the full picture but I want to catch up so that help in the future. >> Did anyone raise the Aliyun OSS backport during the 2.9.0 release >> discussion? I don't recall seeing it in the wiki or in any thread on the >> topic, but I may well have missed it. Since the vote on RC3 closes on Friday >> and looks likely to pass, this is very late to propose a new feature. Please >> raise this on the 2.9 release thread, so we can figure out how to handle it. Indeed not yet. Yes it looks rather late as we could see RC3 is being voted and goes fine. My idea is to put the work in branch-2.9 first and expect some new release after the 2.9.0 one. Sure let me raise it on the 2.9 release thread when it's the right time. Thanks Chris again for the education and the thoughts. Regards, Kai -----Original Message----- From: Zheng, Kai [mailto:kai.zh...@intel.com] Sent: Thursday, November 16, 2017 10:18 AM To: common-dev@hadoop.apache.org Subject: Backporting OSS module to branch 2.x There was some discussion about backporting OSS module to branch 2.x and per Chris's suggestion we should do it in the dev list. -----Original Message----- From: Chris Douglas [mailto:cdoug...@apache.org] Sent: Thursday, November 16, 2017 1:20 AM To: Zheng, Kai <kai.zh...@intel.com<mailto:kai.zh...@intel.com>> Cc: Junping Du <j...@hortonworks.com<mailto:j...@hortonworks.com>>; Konstantin Shvachko <shv.had...@gmail.com<mailto:shv.had...@gmail.com>>; s...@apache.org<mailto:s...@apache.org>; Jason Lowe <jl...@oath.com<mailto:jl...@oath.com>>; Steve Loughran <steve.lough...@gmail.com<mailto:steve.lough...@gmail.com>>; Jonathan Hung <jyhung2...@gmail.com<mailto:jyhung2...@gmail.com>>; Arun Suresh <asur...@apache.org<mailto:asur...@apache.org>>; Vinod Kumar Vavilapalli <vino...@apache.org<mailto:vino...@apache.org>>; secur...@hadoop.apache.org<mailto:secur...@hadoop.apache.org> Subject: Re: Potential security issue of XXE in Hadoop We should move this part of the thread back to the dev list. On Wed, Nov 15, 2017 at 2:33 AM, Zheng, Kai <kai.zh...@intel.com<mailto:kai.zh...@intel.com>> wrote: > We have some wish to backport Ali OSS support for some releases based on > 2.7/2.8/2.9. So per the discussion 2.9 should be fine; for 2.7 and 2.8, as we > haven't cut the 2.7.5 and 2.8.3 yet, I'm hoping we could still be able to do > that. We Intel folks would like to do some taking like the testing and > verifying. The backport work is tracked in [1] and currently Steve has some > concerns for 2.7 and 2.8, we're working the best to solve the concerns, > basically we'd avoid any package change (like httpclient) and make the > changes self-contained just in the Hadoop oss connector module. The backport > patches will be available soon. We did not allow a backport of ADLS to branch-2.7 when it was released in 2.8.0. There were technical reasons- new dependencies could conflict with existing 2.7 client code, patch releases would release at a slower cadence, etc.- but popularity of an older release is not a sufficient reason to change our version policy on features. We tried to get away with that in 0.16 (and a few other times) and it's never gone well. Moreover, one should be able to use a jar compiled for 2.9 in a 2.7 cluster, so the value of releasing this module with 2.7.5 or 2.8.3 is questionable. Did anyone raise the Aliyun OSS backport during the 2.9.0 release discussion? I don't recall seeing it in the wiki or in any thread on the topic, but I may well have missed it. Since the vote on RC3 closes on Friday and looks likely to pass, this is very late to propose a new feature. Please raise this on the 2.9 release thread, so we can figure out how to handle it. Version numbers are cheap, but cutting 2.10 only to include this module will create an annoying maintenance burden for a low payoff. Correspondingly, a 2.9.1 release with "only a few" new features is a repeat of history we should avoid. -C > @Konstantin, would you let me know when you'd cut the 2.7.5 release? Sounds > good to have the oss backport work? Note the module has been in trunk for > quite some time and the codes have been production exercised. Is there > anything we could take and help with? Our pleasure to do. Thanks! > > @Junping, for 2.8.3, my similar ask and we would also help. > > [1] https://issues.apache.org/jira/browse/HADOOP-14964 > > Regards, > Kai > --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org
