Hi Sijie, Can we make it before the 2.8.0 release?
I hope we could do it. Currently the Presto distribution as part of Apache Pulsar distribution causes some issues. Security Vulnerability Scanners such as Sonatype IQ server flag the Pulsar distribution as vulnerable because of the old libraries included in the Presto distribution which is bundled as part of the Pulsar distributions. These are the issues caused by Presto distribution in the master branch: pkg:maven/com.ning/async-http-client@1.6.5 <https://ossindex.sonatype.org/component/pkg:maven/com.ning/async-http-client@1.6.5?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5> pkg:maven/org.eclipse.jetty/jetty-io@9.4.27.v20200227 <https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-io@9.4.27.v20200227?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5> pkg:maven/org.eclipse.jetty/jetty-server@9.4.27.v20200227 <https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-server@9.4.27.v20200227?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5> pkg:maven/io.netty/netty@3.10.6.Final <https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty@3.10.6.Final?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5> pkg:maven/com.squareup.okhttp3/okhttp@3.9.0 <https://ossindex.sonatype.org/component/pkg:maven/com.squareup.okhttp3/okhttp@3.9.0?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5> pkg:maven/org.codehaus.plexus/plexus-utils@2.0.6 <https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.plexus/plexus-utils@2.0.6?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5> (This list is from OWASP Dependency Check, created with command "mvn clean install -DskipTests; mvn -Pmain,skip-all,skipDocker,owasp-dependency-check initialize verify -pl distribution/server") If we cannot make it before the 2.8.0 release, what is the updated schedule? Is someone actively working on contributing the Pulsar connector to the Trino project? BR, Lari On Tue, Apr 27, 2021 at 1:10 AM Sijie Guo <guosi...@gmail.com> wrote: > We will try to make it before the 2.8.0 release. If we can't make it, we > will still release the presto connector for 2.8.0 and remove it once it > lands in upstream Trino. > > - Sijie > > On Mon, Apr 26, 2021 at 1:43 PM Enrico Olivelli <eolive...@gmail.com> > wrote: > > > Il giorno lun 26 apr 2021 alle ore 21:47 Jerry Peng > > <jerry.boyang.p...@gmail.com> ha scritto: > > > > > > Sijie, > > > > > > Sounds good! > > > > > > On Mon, Apr 26, 2021 at 11:48 AM Sijie Guo <si...@apache.org> wrote: > > > > > > > Hi all, > > > > > > > > I want to share an update on the presto connector for PIP-62. > > > > > > > > We have talked to the Trino community about contributing the > > Presto/Trino > > > > connector to the Trino project. The Trino community is happy to > accept > > the > > > > connector. > > > > This is great news > > > > So we will stop the work of moving the presto connector out of > > > > the main repo for PIP-62. Instead, we will focus on contributing the > > presto > > > > connector to the Trino project. After that is done, we will remove > the > > > > presto connector from the master. > > > > Do you think that this will happen before cutting 2.8.0 release ? > > > > Enrico > > > > > > > > > > Let me know if you have any questions. > > > > > > > > Thanks, > > > > Sijie > > > > > > >
