I am in no way in charge to make a decision here--I'm just the one nagging everyone to get their patches merged by Friday ;)--but my personal thoughts when looking at https://github.com/apache/arrow/pull/8325:
* The code and CI config have gRPC versions in various places. Before a release is a great time to bump the versions we build and test with, so that we have confidence that our code works with the latest released versions of dependencies. * The only version that is a requirement is https://github.com/apache/arrow/pull/8325/files#diff-2420b0c5b6bdad921f1d538f92d64b59R2516, and so that's the one we're concerned about increasing. If we can keep it low with an #ifdef, great. That said, I have no idea how slow people are to update gRPC, or even what constitutes "old", so I can't say how much extra complication it is worth to support old versions. * However, provided that the bundled build_grpc cmake macro works (surely we test that somewhere right?), if someone has ARROW_DEPENDENCY_SOURCE=AUTO *and* they have old gRPC on their system, instead of a build failure they'll just get a slower build with the bundled grpc included. That's not a bad experience, and if the user doesn't like it, presumably they can upgrade system gRPC and rebuild. Neal On Wed, Oct 7, 2020 at 12:35 PM Antoine Pitrou <anto...@python.org> wrote: > > Or perhaps we (meaning James :-)) can add an #ifdef-based switch. > > There's no need to penalize users of older gRPCs for a rather optional > feature (if you can call disabling a security verification a feature, of > course ;-)). > > Regards > > Antoine. > > > Le 07/10/2020 à 21:33, Wes McKinney a écrit : > > Given Google's "live at head" mantra, in principle I don't have a > > problem with requiring a < 1 year old version of gRPC > > > > On Wed, Oct 7, 2020 at 2:23 PM Antoine Pitrou <anto...@python.org> > wrote: > >> > >> > >> Le 07/10/2020 à 21:19, James Duong a écrit : > >>> Hi Neal, > >>> > >>> Are you the release manager for 2.0? > >>> I've been working on the task to disable server verification in Flight > >>> clients, and it appears we'll need > >>> to update the minimum gRPC version to at least 1.27 to support this. > >>> > >>> Would it be OK to do this for the 2.0. release? It looks like we also > need > >>> to update Ursa configurations here: > >>> > https://github.com/ursa-labs/ursabot/blob/e958c5f95b31e98108df54cf13596c4fde944c3a/projects/arrow/docker/conda-cpp.txt#L19 > >> > >> IMHO that implies a lot of potential issues to watch for, at the last > >> minute before a release. Personally, I'd rather see this in 3.0. > >> > >> Regards > >> > >> Antoine. >
