[jira] [Commented] (HADOOP-13363) Upgrade protobuf from 2.5.0 to something newer

[Tsuyoshi Ozawa (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-13363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16883990#comment-16883990
 ] 

Tsuyoshi Ozawa commented on HADOOP-13363:
-----------------------------------------

I'm happy that Anu, Yikun, and Steven resume the conversation :-) 

I don't know it is good time to do the upgrade event. Maybe the most difficult 
part of this task is to get consensus among us. This is because the upgrade can 
disrupt other projects which depend on Apache Hadoop as Steve said. In my 
experience, a lesson which I learned from Guava updating, though I have 
recognized it as a failure because the patch was reverted, is we should keep 
the dependencies on common libraries even if Apache Hadoop itself doesn't use 
it. 

So, a safer way for the ecosystem I came up with is as follows:
1. Shading updated protobuf version e.g. protobuf v3.
2. Gradually replacing existent parts where protobuf v2.5 is used with protobuf 
v3. This can be done on a non-master branch. Here, we remain the dependency on 
protobuf v 2.5. This is because other projects may use it.
3. Announcing when to delete the dependency. 
4. Removing the dependency on the future version.

This kind of gradual replacing approach might be acceptable by the Hadoop 
ecosystem, I think.

> Upgrade protobuf from 2.5.0 to something newer
> ----------------------------------------------
>
>                 Key: HADOOP-13363
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13363
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: build
>    Affects Versions: 3.0.0-alpha1, 3.0.0-alpha2
>            Reporter: Allen Wittenauer
>            Priority: Major
>              Labels: security
>         Attachments: HADOOP-13363.001.patch, HADOOP-13363.002.patch, 
> HADOOP-13363.003.patch, HADOOP-13363.004.patch, HADOOP-13363.005.patch
>
>
> Standard protobuf 2.5.0 does not work properly on many platforms.  (See, for 
> example, https://gist.github.com/BennettSmith/7111094 ).  In order for us to 
> avoid crazy work arounds in the build environment and the fact that 2.5.0 is 
> starting to slowly disappear as a standard install-able package for even 
> Linux/x86, we need to either upgrade or self bundle or something else.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org