+1 (non-binding) Thanks for raising the proposal!
2026년 4월 24일 (금) 오후 8:23, Mark Hamstra <[email protected]>님이 작성: > +1 > > On Fri, Apr 24, 2026 at 3:15 AM Cheng Pan <[email protected]> wrote: > > > > +1 (non-binding) > > > > Java/Scala deps are controlled manually so it’s easy to audit, also > looking forward to a lock file (or similar things) for Python deps so we > know which exact version of deps are used for testing. > > > > Thanks, > > Cheng Pan > > > > > > > > On Apr 24, 2026, at 18:03, Steve Loughran <[email protected]> wrote: > > > > > > +1 (non binding) > > > > On Fri, 24 Apr 2026 at 00:03, Tian Gao via dev <[email protected]> > wrote: > >> > >> Hi, as discussed in > https://lists.apache.org/thread/lwgqo36pqzlddtq2f8fxy6c1jj8go4x6 , I'm > proposing a vote for a buffer time to upgrade our dependencies. > >> > >> The proposal is: > >> For the apache/spark repo only, we can only upgrade third-party > dependencies (including Apache projects) to a version released at least > seven days ago. This covers Java, Python and all other dependencies. > Security upgrades are exempted and will be conducted by PMCs. > >> > >> [ ] +1: approve > >> [ ] 0: no opinion > >> [ ] - 1: disapprove > >> > >> This is a procedural vote (no code change) so we need a simple majority > (more +1s than -1s). > >> > >> Tian > > > > > > --------------------------------------------------------------------- > To unsubscribe e-mail: [email protected] > >
