Hi Ekaterina, We should regularly update libraries but we should be careful doing so in stable releases as dependency changes are inherently risky. In my experience we should take libraries with security fixes in stable releases. For unreleased versions we should take an approach of regularly auditing and updating libraries. Right now it is on a need basis when someone reports a jira.
Thanks, Dinesh > On Feb 20, 2020, at 1:06 PM, Ekaterina Dimitrova > <ekaterina.dimitr...@datastax.com> wrote: > > Hi Nate, Deepak, all, > Back to this topic. Thank you for your responses and valuable feedback. > Definitely, the dependencies documentation and the maven repo are great > resources. > > My question was really about the process to follow to update regularly the > libraries. > > So my understanding is that there is no process. Thank you > > I saw some discussions on slack after my email. Different people have > different experiences with this from a variety of projects which is great. > Do you want me to summarize and try to come up with options? > > Ekaterina Dimitrova | Software Engineer > ekaterina.dimitr...@datastax.com | datastax.com > <http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION&utm_+medium=email&utm_source=signature> > > >> >> *From:* Deepak Vohra <dvohr...@yahoo.com.INVALID> >> *Date:* 11 February 2020, 17:14:56 GMT-5 >> *To:* dev@cassandra.apache.org >> *Subject:* *Re: Libraries update* >> *Reply-To:* dev@cassandra.apache.org >> >> For specific versions of dependencies scroll down for the Compile >> Dependencies and Managed Dependencies at Maven Repository: >> org.apache.cassandra » cassandra-all » 4.0-alpha3 >> >> >> | >> | >> | >> | | | >> >> | >> >> | >> | >> | | >> Maven Repository: org.apache.cassandra » cassandra-all » 4.0-alpha3 >> >> >> | >> >> | >> >> | >> >> >> >> Or, if not these, what other dependencies are being referred >> to?thanks,Deepak On Tuesday, February 11, 2020, 08:09:41 p.m. UTC, Tomo >> Suzuki <suzt...@google.com.invalid> wrote: >> >> do you think it would be a good idea to get a certain >> >> view on those and see what can be easily updated? >> >> Yes! >> With more up-to-date dependencies, Cassandra will work with other open >> source software smoothly. Looking forward. >> >> On Tue, Feb 11, 2020 at 2:44 PM Ekaterina Dimitrova >> <ekaterina.dimitr...@datastax.com> wrote: >> >> >> Hello everyone, >> >> I was looking into some library updates these dates as per user requests. >> >> This made me think about one thing. As we approach the new version release, >> >> were the versions of the libraries cassandra depends on sanitized in any >> >> way? Is there an overall view or plans for updates? Or is it done on a >> >> case by case basis? >> >> If it is not done, do you think it would be a good idea to get a certain >> >> view on those and see what can be easily updated? I know it is late for big >> >> rewrites but at least maybe we can update to new versions those which don't >> >> introduce big changes? >> >> Any thoughts? Objections? >> >> >> Ekaterina Dimitrova | Software Engineer >> >> ekaterina.dimitr...@datastax.com | datastax.com >> >> < >> http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION&utm_+medium=email&utm_source=signature >>> >> >> >> >> >> -- >> Regards, >> Tomo >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@cassandra.apache.org >> For additional commands, e-mail: dev-h...@cassandra.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@cassandra.apache.org For additional commands, e-mail: dev-h...@cassandra.apache.org
