pan3793 commented on PR #2785: URL: https://github.com/apache/thrift/pull/2785#issuecomment-1521164034
> Development on new versions of Thrift aren't for today. New releases of Thrift would be released to be adopted in the future. @ctubbsii That's a good point, but in the meanwhile, as a widely adopted component, *today*'s versions should get actively maintained too. What are the versions for *today*? And what's the support policy of *today*'s versions? Based on the statistics of [Maven Central](https://mvnrepository.com/artifact/org.apache.thrift/libthrift), the most adopted versions are 0.9.x and 0.12.x, can we treat them as versions for *today*? Can I request a security-patched/bug-fix version for them? <img width="1309" alt="image" src="https://user-images.githubusercontent.com/26535726/234173762-f2c40b42-7b57-4926-8591-ea0281f9aaf8.png";> Thrift 0.13.0 made lots of [breaking changes](https://github.com/apache/thrift/blob/v0.13.0/CHANGES.md#breaking-changes) including THRIFT-4725 in Java, that's one of the reasons why the lower versions are adopted widely today, even they have known CVEs. Drops Java8 support is another significant breaking change. Another fact is the indirect consumer of Thrift may take a quite long time to adopt the new Thrift when breaking changes are introduced. Let's say that Apache Hive is a direct consumer of Apache Thrift, the latest stable release of Hive is [3.1.3](https://mvnrepository.com/artifact/org.apache.hive/hive-metastore/3.1.3), which adopts Thrift 0.9.3. Apache Spark depends on Hive 2.3.9(which also uses Thrift 0.9.3) now, Spark adopts Thrift 0.12.0 because it is compatible w/ 0.9.3, but can not use 0.13 or any above versions, because of the breaking change THRIFT-4725. (See detail in SPARK-37090) Assume the next Hive stable version 4.0.0 available in 2023, which likely ships [Thrift 0.16](https://mvnrepository.com/artifact/org.apache.hive/hive-metastore/4.0.0-alpha-2), because it still supports Java8. It may take several years for the downstream project(e.g. Spark) of Hive to adopt Hive 4.0 and therefore adopts Thrift 0.16. But what about the downstream of Spark? Will 0.16 get maintained on those days? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
![https://user-images.githubusercontent.com/26535726/234173762-f2c40b42-7b57-4926-8591-ea0281f9aaf8.png"](https://user-images.githubusercontent.com/26535726/234173762-f2c40b42-7b57-4926-8591-ea0281f9aaf8.png"){kind=link}