There are some critical security warnings from dependabot... I've filed HBASE-27412 for bumping the dependency versions for hbase-thirdparty, and we need to make a new hbase-thirdparty first...
Thanks. Andrew Purtell <apurt...@apache.org> 于2022年10月5日周三 03:36写道: > > Sounds good Duo. > > On Tue, Oct 4, 2022 at 5:15 AM 张铎(Duo Zhang) <palomino...@gmail.com> wrote: > > > Let's get HBASE-27401 in before 2.5.1. It is just some style fix about > > our javadoc and I think it will be done in a few days... > > > > Thanks. > > > > Bryan Beaudreault <bbeaudrea...@hubspot.com.invalid> 于2022年10月4日周二 > > 01:27写道: > > > > > > Thanks for your thoughts. I put a PR up a few moments ago for > > HBASE-27381. > > > I'll start up threads for discussing the other two points. > > > > > > On Mon, Oct 3, 2022 at 1:05 PM Andrew Purtell <apurt...@apache.org> > > wrote: > > > > > > > Thanks Bryan. Responses inline. > > > > > > > > On Tue, Sep 27, 2022 at 11:31 AM Bryan Beaudreault > > > > <bbeaudrea...@hubspot.com.invalid> wrote: > > > > > > > > > Thanks Andrew! > > > > > > > > > > One thing I noticed from 2.5.0 was that a few JIRAs were included in > > that > > > > > release which did not have the proper fixVersions set (so did not > > show up > > > > > in CHANGES.md > > > > <http://CHANGES.md>). > > > > I fixed 4 of them before realizing that may not be the way > > > > > we should handle it. See [1] for the 4 I fixed (which we could > > revert to > > > > > 2.5.1 if appropriate), there may be others. > > > > > > > > > > > > > JIRA is supposed to be the canonical source of fix version data, so if > > > > there have been mistakes, the most important thing to do is update JIRA > > > > with corrections. If I understand you correctly this is what you were > > > > doing, and that would be the correct course of action imho. Then, if > > there > > > > was a significant omission from the changelog (something critical or > > > > blocker, I would say), we could always put out another release > > announcement > > > > indicating the changelog corrections, or just do that anyway. > > > > > > > > For the 2.5.1 release I will make a note that the 2.5.0 part of the > > > > changelog should be regenerated too to pick up the corrections. > > > > > > > > > > > > > I have filed a few small bugs which I just set the fixVersion to > > 2.5.1 > > > > and > > > > > will try to get PRs out for soon, but we could also push them out if > > > > > needed. > > > > > > > > > > I also have https://issues.apache.org/jira/browse/HBASE-27381 > > > > <https://issues.apache.org/jira/browse/HBASE-27381> > > > > which would > > > > > be helpful to have opinions on since it might be worth fixing for > > 2.5.1 > > > > if > > > > > possible. It's a recurrence of a past gnarly bug with some API > > > > > compatibility concerns. > > > > > > > > > > > > > +1 for removal. We should get this into the next 2.4 and 2.5 releases. > > I > > > > will defend the change. > > > > > > > > > > > > > > A 2.6.0 release this calendar year would be great! We have completed > > most > > > > > of the TLS work at this point. One other thing I was considering > > adding > > > > to > > > > > 2.6.0 was a backport of hbase-backups. There is a PR [2] from > > > > Mallikarjun, > > > > > we are currently evaluating internally. I think backporting to 2.x > > will > > > > > help get more exposure and contributions, since most people aren't > > > > running > > > > > 3.0-alpha and there's still a backlog of nice-to-haves in the "Phase > > 4" > > > > > jira [3] that have languished a bit. I realize this might even > > require a > > > > > VOTE thread given the past history? I was only going to bring it up > > if > > > > our > > > > > evaluation worked out, but seemed relevant to your 2.6.0 question. > > > > > > > > > > > > > Let's discuss what release criteria for TLS RPC might look like. We > > can set > > > > a tentative release date for 2.6.0 for the second week of December, > > with RC > > > > in the first week, to get things moving. Let's start a new thread on > > what > > > > kind of testing and qualification people would like to see. I have some > > > > thoughts on the minimum bar I would set as a RM. > > > > > > > > Regarding the proposed backport of hbase-backups, what I would suggest > > is > > > > raising a DISCUSS thread first. We shouldn't need a VOTE if we can get > > a > > > > consensus that the backport is fine, perhaps after giving the feature > > the > > > > usual qualification of "experimental" when performing a backport of > > this > > > > nature. An alternative viewpoint would be we should finish and polish > > the > > > > 3.0.0 release to ship backup. Help Duo finish it, get a 3.0.0 out that > > is > > > > not designated alpha. I do want to acknowledge the tradeoff... In > > order to > > > > make use of a backup feature released in 3.0.0, one would need to > > upgrade > > > > production to it, which may be a bridge too far; and so any > > significant use > > > > of it might be delayed, maybe for a long time, but if it were released > > in a > > > > 2.x version it would likely get near term evaluation. Anyway this would > > > > make a great separate DISCUSS thread :-) . > > > > > > > > > > > > > > > > > > > > > > [1] > > > > > > > > > > > > > > > > https://issues.apache.org/jira/browse/HBASE-27241?jql=text%20~%20%22%5C%22Seems%20this%20actually%20landed%20in%202.5.0%5C%22%22 > > > > < > > https://issues.apache.org/jira/browse/HBASE-27241?jql=text%20~%20%22%5C%22Seems%20this%20actually%20landed%20in%202.5.0%5C%22%22 > > > > > > > > [2] https://github.com/apache/hbase/pull/4770 > > > > <https://github.com/apache/hbase/pull/4770> > > > > > [3] https://issues.apache.org/jira/browse/HBASE-17362 > > > > <https://issues.apache.org/jira/browse/HBASE-17362> > > > > > > > > > > On Tue, Sep 27, 2022 at 11:13 AM Andrew Purtell < > > > > andrew.purt...@gmail.com> > > > > > wrote: > > > > > > > > > > > We are already flattening and the proposed change adds release > > > > artifacts > > > > > > for hadoop3 using a new “hadoop3” classifier — at least, that is > > the > > > > > plan, > > > > > > let’s see if it works — and so the changes are additive. The > > default > > > > > build, > > > > > > which downstreamers consume as of 2.5.0 and all previous releases, > > > > > remains > > > > > > unchanged with respect to its dependency set. I think this means > > the > > > > > > changes are additive and orthogonal. That said I’d be fine with > > waiting > > > > > > until 2.6.0 to introduce the hadoop3 variant… in which case I would > > > > begin > > > > > > work on 2.6.0RC0 for anticipated release this calendar year. YDYT? > > > > > > > > > > > > > On Sep 27, 2022, at 7:15 AM, 张铎 <palomino...@gmail.com> wrote: > > > > > > > > > > > > > > But I think flatten the pom profiles itself is also useful? It > > does > > > > > > > not make sense(and also does not work...) to activate a profile > > which > > > > > > > pulls in jars that are different from the ones we depend at the > > time > > > > > > > when building the hbase artifacts... > > > > > > > > > > > > > > Nick Dimiduk <ndimi...@apache.org> 于2022年9月27日周二 19:48写道: > > > > > > > > > > > > > >> > > > > > > >> Yes -- that's why I brought it up in this discussion. I think > > that > > > > we > > > > > > >> should either finish the effort before 2.5.1 or revert it from > > > > > > >> branch-2.5 until we have a more complete implementation in > > place. > > > > > > >> > > > > > > >>> On Tue, Sep 27, 2022 at 12:15 PM 张铎(Duo Zhang) < > > > > > palomino...@gmail.com> > > > > > > wrote: > > > > > > >>> > > > > > > >>> We already include HBASE-27340 in branch-2.5... So in the 2.5.1 > > > > > > >>> release we will flatten the pom file, if we do not revert this > > > > > > >>> commit... > > > > > > >>> > > > > > > >>> Nick Dimiduk <ndimi...@apache.org> 于2022年9月27日周二 16:46写道: > > > > > > >>>> > > > > > > >>>> I am also concerned about the feature that squashes out the > > > > profiles > > > > > > from > > > > > > >>>> our poms. To me, specifying the maven profile at build time > > is a > > > > > part > > > > > > of > > > > > > >>>> the API contract that we should not break in a patch release. > > I’d > > > > > > like to > > > > > > >>>> see that feature integrated into the do-release tooling such > > that > > > > > two > > > > > > sets > > > > > > >>>> of squished artifacts/maven repos are produced. And of course, > > > > > > updating the > > > > > > >>>> docs to explain how these are consumed. > > > > > > >>>> > > > > > > >>>> Maybe we need a minor release line where we ship both the old > > > > style > > > > > > and the > > > > > > >>>> new style artifacts? We could do that with 2.5… > > > > > > >>>> > > > > > > >>>> Thanks, > > > > > > >>>> Nick > > > > > > >>>> > > > > > > >>>> On Tue, Sep 27, 2022 at 03:40 张铎(Duo Zhang) < > > > > palomino...@gmail.com> > > > > > > wrote: > > > > > > >>>> > > > > > > >>>>> Thanks Andrew for taking care of this. > > > > > > >>>>> > > > > > > >>>>> For me there is an issue HBASE-27359, where we can publish > > > > > different > > > > > > >>>>> maven artifacts for hadoop2 and hadoop3, it can solve the > > problem > > > > > > >>>>> brought up by the phoenix guys. Do you think we should > > include > > > > this > > > > > > in > > > > > > >>>>> branch-2.5 and start from 2.5.1 or maybe 2.5.2 if it is too > > late > > > > > for > > > > > > >>>>> 2.5.1, to publish different maven artifacts for hadoop2 and > > > > > hadoop3, > > > > > > >>>>> or we still keep 2.5.x as is, and include this in the up > > coming > > > > > 2.6.x > > > > > > >>>>> release line? > > > > > > >>>>> > > > > > > >>>>> Thanks. > > > > > > >>>>> > > > > > > >>>>> Andrew Purtell <apurt...@apache.org> 于2022年9月27日周二 06:52写道: > > > > > > >>>>> > > > > > > >>>>>> > > > > > > >>>>>> It has been about a month since 2.5.0 and there are ~42 > > issues > > > > > > >>>>>> < > > > > > > >>>>> > > > > > > > > > > > > > > > > > https://issues.apache.org/jira/issues/?jql=project%3Dhbase%20and%20(%20fixVersion%3D2.5.1%20or%20affectedVersion%20%3D%202.5.1%20) > > > > < > > https://issues.apache.org/jira/issues/?jql=project%3Dhbase%20and%20(%20fixVersion%3D2.5.1%20or%20affectedVersion%20%3D%202.5.1%20) > > > > > > > > > < > > > > > > > > > > > https://issues.apache.org/jira/issues/?jql=project%3Dhbase%20and%20(%20fixVersion%3D2.5.1%20or%20affectedVersion%20%3D%202.5.1%20) > > > > < > > https://issues.apache.org/jira/issues/?jql=project%3Dhbase%20and%20(%20fixVersion%3D2.5.1%20or%20affectedVersion%20%3D%202.5.1%20) > > > > > > > > > > > > > > > >>>>>> > > > > > > >>>>>> related to 2.5.1. This week I will be grooming the issue > > tracker > > > > > > for a RC > > > > > > >>>>>> next week.If you have any pending work for branch-2.5 that > > you > > > > > > would like > > > > > > >>>>>> to get in, please set the fix version accordingly. > > > > > > >>>>>> > > > > > > >>>>>> -- > > > > > > >>>>>> Best regards, > > > > > > >>>>>> Andrew > > > > > > >>>>> > > > > > > > > > > > > > > > > > > > > > > > -- > > > > Best regards, > > > > Andrew > > > > > > > > Unrest, ignorance distilled, nihilistic imbeciles - > > > > It's what we’ve earned > > > > Welcome, apocalypse, what’s taken you so long? > > > > Bring us the fitting end that we’ve been counting on > > > > - A23, Welcome, Apocalypse > > > > > > > > > -- > Best regards, > Andrew > > Unrest, ignorance distilled, nihilistic imbeciles - > It's what we’ve earned > Welcome, apocalypse, what’s taken you so long? > Bring us the fitting end that we’ve been counting on > - A23, Welcome, Apocalypse
