[
https://issues.apache.org/jira/browse/PHOENIX-6010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17170553#comment-17170553
]
Istvan Toth commented on PHOENIX-6010:
--------------------------------------
Thanks for taking the time to look at this [~dbwong].
We have removed Guava from PQS and Connectors recently, before the
phoenix-thirdparty plan was proposed. (One recent commit may have re-added
Guava to Connectors, I'll need to check), so it is not an issue.
The Java 8 issue was discussed in more detail the follow-up thread to
PHOENIX-5855 :
[https://lists.apache.org/thread.html/r33963ee0813d0f4105570bbf653476b34ebe0cadbff31773bd75785d%40%3Cdev.phoenix.apache.org%3E]
Our current consensus is that while master is built with Java8, we discourage
using Java8 features even on master, to reduce branch divergence, and make
back/forward porting code easier. Moving 4.x to Java 8 was considered, and
rejected.
While technically we could create a phoenix-thirdparty version from guava
29-jre, and use it in Phoenix master only, I don't think that it would net any
gains, but would have drawbacks (complexity, jar bloat, possible
incompatibilities)
We could theoretically also split Tephra and Phoenix into a HBase 1.x/Java7 and
HBase 2.x/Java8 branch, but I don't think that anyone would want to take on the
burden of maintaining more branches, if it can can be avoided at all.
The last "normal" branch of Guava with Java 7 support was 20, which has open
CVEs.
The official overview on the differences between -jre and -android Guava
[https://github.com/google/guava/wiki/Android]
suggests that it is safe to use for us. The majority of our Guava use is
convenience functions, with the notable exception of Cache, which is called out
in the above docs as for not being optimised for -android (i.e., should be the
same as -jre)
That said, enumerating the Guava uses in Phoenix and dependencies, and checking
whether there are performance-critical uses that may be affected by the switch
would be useful.
> Create phoenix-thirdparty, and consume guava through it
> -------------------------------------------------------
>
> Key: PHOENIX-6010
> URL: https://issues.apache.org/jira/browse/PHOENIX-6010
> Project: Phoenix
> Issue Type: Improvement
> Components: core, omid, tephra
> Affects Versions: 5.1.0, 4.16.0
> Reporter: Istvan Toth
> Assignee: Istvan Toth
> Priority: Major
>
> We have long-standing and well-documented problems with Guava, just like the
> rest of the Hadoop components.
> Adopt the solution used by HBase:
> * create phoenix-thirdparty repo
> * create a pre-shaded phoenix-shaded-guava artifact in it
> * Use the pre-shaded Guava in every phoenix component
> The advantages are well-known, but to name a few:
> * Phoenix will work with Hadoop 3.1.3+
> * One less CVE in our direct dependencies
> * No more conflict with our consumer's Guava versions
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
