pan3793 commented on PR #2785: URL: https://github.com/apache/thrift/pull/2785#issuecomment-1522847794
> In my experience, every version of Thrift has been accompanied by a breaking change. This is one of the reasons why I don't understand why people seem to want to upgrade it so aggressively @ctubbsii How do you handle the CVEs then? The security team in some companies forcibly bans the jars which were reported CVEs, even if the project which uses Thrift does not really get affected. Similar questions on bugs. > ... such that they need to impose constraints on the anticipated future versions of Thrift. > I think a better approach, rather than hold back future versions of Thrift, is to encourage more maintenance releases on previous versions. The fact is Thrift lacks support for *today*'s widely adopted version, in the meanwhile, it aggressively makes breaking changes, I suppose the option you suggested needs more community resources than "avoid breaking changes as much as possible". -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
