Re: Libraries update

2020-02-20 Thread Dinesh Joshi 
Hi Ekaterina,

We should regularly update libraries but we should be careful doing so in 
stable releases as dependency changes are inherently risky. In my experience we 
should take libraries with security fixes in stable releases. For unreleased 
versions we should take an approach of regularly auditing and updating 
libraries. Right now it is on a need basis when someone reports a jira.

Thanks,

Dinesh

> On Feb 20, 2020, at 1:06 PM, Ekaterina Dimitrova 
>  wrote:
> 
> Hi Nate, Deepak, all,
> Back to this topic. Thank you for your responses and valuable feedback.
> Definitely, the dependencies documentation and the maven repo are great
> resources.
> 
> My question was really about the process to follow to update regularly the
> libraries.
> 
> So my understanding is that there is no process. Thank you
> 
> I saw some discussions on slack after my email. Different people have
> different experiences with this from a variety of projects which is great.
> Do you want me to summarize and try to come up with options?
> 
> Ekaterina Dimitrova | Software Engineer
> ekaterina.dimitr...@datastax.com | datastax.com
> <http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION_+medium=email_source=signature>
> 
> 
>> 
>> *From:* Deepak Vohra 
>> *Date:* 11 February 2020, 17:14:56 GMT-5
>> *To:* dev@cassandra.apache.org
>> *Subject:* *Re:  Libraries update*
>> *Reply-To:* dev@cassandra.apache.org
>> 
>>  For specific versions of dependencies scroll down for the Compile
>> Dependencies and Managed Dependencies at Maven Repository:
>> org.apache.cassandra » cassandra-all » 4.0-alpha3
>> 
>> 
>> |
>> |
>> |
>> |  |  |
>> 
>> |
>> 
>> |
>> |
>> |  |
>> Maven Repository: org.apache.cassandra » cassandra-all » 4.0-alpha3
>> 
>> 
>> |
>> 
>> |
>> 
>> |
>> 
>> 
>> 
>> Or, if not these, what other dependencies are being referred
>> to?thanks,DeepakOn Tuesday, February 11, 2020, 08:09:41 p.m. UTC, Tomo
>> Suzuki  wrote:
>> 
>> do you think it would be a good idea to get a certain
>> 
>> view on those and see what can be easily updated?
>> 
>> Yes!
>> With more up-to-date dependencies, Cassandra will work with other open
>> source software smoothly. Looking forward.
>> 
>> On Tue, Feb 11, 2020 at 2:44 PM Ekaterina Dimitrova
>>  wrote:
>> 
>> 
>> Hello everyone,
>> 
>> I was looking into some library updates these dates as per user requests.
>> 
>> This made me think about one thing. As we approach the new version release,
>> 
>> were the versions of the libraries cassandra depends on sanitized in any
>> 
>> way? Is there an overall view or plans for updates? Or is it done on a
>> 
>> case by case basis?
>> 
>> If it is not done, do you think it would be a good idea to get a certain
>> 
>> view on those and see what can be easily updated? I know it is late for big
>> 
>> rewrites but at least maybe we can update to new versions those which don't
>> 
>> introduce big changes?
>> 
>> Any thoughts? Objections?
>> 
>> 
>> Ekaterina Dimitrova | Software Engineer
>> 
>> ekaterina.dimitr...@datastax.com | datastax.com
>> 
>> <
>> http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION_+medium=email_source=signature
>>> 
>> 
>> 
>> 
>> 
>> --
>> Regards,
>> Tomo
>> 
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@cassandra.apache.org
>> For additional commands, e-mail: dev-h...@cassandra.apache.org
>> 
>> 


-
To unsubscribe, e-mail: dev-unsubscr...@cassandra.apache.org
For additional commands, e-mail: dev-h...@cassandra.apache.org

Re: Libraries update

2020-02-11 Thread Deepak Vohra 
 For specific versions of dependencies scroll down for the Compile Dependencies 
and Managed Dependencies at Maven Repository: org.apache.cassandra » 
cassandra-all » 4.0-alpha3


| 
| 
| 
|  |  |

 |

 |
| 
|  | 
Maven Repository: org.apache.cassandra » cassandra-all » 4.0-alpha3


 |

 |

 |



Or, if not these, what other dependencies are being referred to?thanks,Deepak   
 On Tuesday, February 11, 2020, 08:09:41 p.m. UTC, Tomo Suzuki 
 wrote:  
 
 > do you think it would be a good idea to get a certain
view on those and see what can be easily updated?

Yes!
With more up-to-date dependencies, Cassandra will work with other open
source software smoothly. Looking forward.

On Tue, Feb 11, 2020 at 2:44 PM Ekaterina Dimitrova
 wrote:
>
> Hello everyone,
> I was looking into some library updates these dates as per user requests.
> This made me think about one thing. As we approach the new version release,
> were the versions of the libraries cassandra depends on sanitized in any
> way? Is there an overall view or plans for updates? Or is it done on a
> case by case basis?
> If it is not done, do you think it would be a good idea to get a certain
> view on those and see what can be easily updated? I know it is late for big
> rewrites but at least maybe we can update to new versions those which don't
> introduce big changes?
> Any thoughts? Objections?
>
> Ekaterina Dimitrova | Software Engineer
> ekaterina.dimitr...@datastax.com | datastax.com
> 



-- 
Regards,
Tomo

-
To unsubscribe, e-mail: dev-unsubscr...@cassandra.apache.org
For additional commands, e-mail: dev-h...@cassandra.apache.org

Re: Libraries update

2020-02-11 Thread Tomo Suzuki 
> do you think it would be a good idea to get a certain
view on those and see what can be easily updated?

Yes!
With more up-to-date dependencies, Cassandra will work with other open
source software smoothly. Looking forward.

On Tue, Feb 11, 2020 at 2:44 PM Ekaterina Dimitrova
 wrote:
>
> Hello everyone,
> I was looking into some library updates these dates as per user requests.
> This made me think about one thing. As we approach the new version release,
> were the versions of the libraries cassandra depends on sanitized in any
> way? Is there an overall view or plans for updates? Or is it done on a
> case by case basis?
> If it is not done, do you think it would be a good idea to get a certain
> view on those and see what can be easily updated? I know it is late for big
> rewrites but at least maybe we can update to new versions those which don't
> introduce big changes?
> Any thoughts? Objections?
>
> Ekaterina Dimitrova | Software Engineer
> ekaterina.dimitr...@datastax.com | datastax.com
> 



-- 
Regards,
Tomo

-
To unsubscribe, e-mail: dev-unsubscr...@cassandra.apache.org
For additional commands, e-mail: dev-h...@cassandra.apache.org

Re: Libraries update

2020-02-11 Thread Nate McCall 
Good point Deepak - we do have:
http://cassandra.apache.org/doc/latest/development/dependencies.html

But we dont have details or process written down.

On Wed, Feb 12, 2020 at 9:02 AM Deepak Vohra 
wrote:

>
> Dependency management is discussed at Documentation
>
> |
> |
> |  |
> Documentation
>
> The Apache Cassandra database is the right choice when you need
> scalability and high availability without compro...
>  |
>
>  |
>
>  |
>
>
>
> On Tuesday, February 11, 2020, 07:44:15 p.m. UTC, Ekaterina Dimitrova <
> ekaterina.dimitr...@datastax.com> wrote:
>
>  Hello everyone,
> I was looking into some library updates these dates as per user requests.
> This made me think about one thing. As we approach the new version release,
> were the versions of the libraries cassandra depends on sanitized in any
> way? Is there an overall view or plans for updates? Or is it done on a
> case by case basis?
> If it is not done, do you think it would be a good idea to get a certain
> view on those and see what can be easily updated? I know it is late for big
> rewrites but at least maybe we can update to new versions those which don't
> introduce big changes?
> Any thoughts? Objections?
>
> Ekaterina Dimitrova | Software Engineer
> ekaterina.dimitr...@datastax.com | datastax.com
> <
> http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION_+medium=email_source=signature
> >
>

Re: Libraries update

2020-02-11 Thread Deepak Vohra 
 
Dependency management is discussed at Documentation

| 
| 
|  | 
Documentation

The Apache Cassandra database is the right choice when you need scalability and 
high availability without compro...
 |

 |

 |



On Tuesday, February 11, 2020, 07:44:15 p.m. UTC, Ekaterina Dimitrova 
 wrote:  
 
 Hello everyone,
I was looking into some library updates these dates as per user requests.
This made me think about one thing. As we approach the new version release,
were the versions of the libraries cassandra depends on sanitized in any
way? Is there an overall view or plans for updates? Or is it done on a
case by case basis?
If it is not done, do you think it would be a good idea to get a certain
view on those and see what can be easily updated? I know it is late for big
rewrites but at least maybe we can update to new versions those which don't
introduce big changes?
Any thoughts? Objections?

Ekaterina Dimitrova | Software Engineer
ekaterina.dimitr...@datastax.com | datastax.com

Re: Libraries update

2020-02-11 Thread Nate McCall 
Quick answer to your question though is no, it's been entirely adhoc.

On Wed, Feb 12, 2020 at 8:50 AM Nate McCall  wrote:

> I would love to see an audit and rough plan on maintenance and evaluation
> criteria, etc added to the wiki for discussion. We've had a couple of users
> complain about library versions when including the aftifact as a dependency
> (even though we don't support this, a lot of people do it). It would be
> cool to have something to point to at the very least.
>
> Thanks for bringing this up!!
>
> On Wed, Feb 12, 2020 at 8:44 AM Ekaterina Dimitrova <
> ekaterina.dimitr...@datastax.com> wrote:
>
>> Hello everyone,
>> I was looking into some library updates these dates as per user requests.
>> This made me think about one thing. As we approach the new version
>> release,
>> were the versions of the libraries cassandra depends on sanitized in any
>> way? Is there an overall view or plans for updates? Or is it done on a
>> case by case basis?
>> If it is not done, do you think it would be a good idea to get a certain
>> view on those and see what can be easily updated? I know it is late for
>> big
>> rewrites but at least maybe we can update to new versions those which
>> don't
>> introduce big changes?
>> Any thoughts? Objections?
>>
>> Ekaterina Dimitrova | Software Engineer
>> ekaterina.dimitr...@datastax.com | datastax.com
>> <
>> http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION_+medium=email_source=signature
>> >
>>
>

Re: Libraries update

2020-02-11 Thread Nate McCall 
I would love to see an audit and rough plan on maintenance and evaluation
criteria, etc added to the wiki for discussion. We've had a couple of users
complain about library versions when including the aftifact as a dependency
(even though we don't support this, a lot of people do it). It would be
cool to have something to point to at the very least.

Thanks for bringing this up!!

On Wed, Feb 12, 2020 at 8:44 AM Ekaterina Dimitrova <
ekaterina.dimitr...@datastax.com> wrote:

> Hello everyone,
> I was looking into some library updates these dates as per user requests.
> This made me think about one thing. As we approach the new version release,
> were the versions of the libraries cassandra depends on sanitized in any
> way? Is there an overall view or plans for updates? Or is it done on a
> case by case basis?
> If it is not done, do you think it would be a good idea to get a certain
> view on those and see what can be easily updated? I know it is late for big
> rewrites but at least maybe we can update to new versions those which don't
> introduce big changes?
> Any thoughts? Objections?
>
> Ekaterina Dimitrova | Software Engineer
> ekaterina.dimitr...@datastax.com | datastax.com
> <
> http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION_+medium=email_source=signature
> >
>

Libraries update

2020-02-11 Thread Ekaterina Dimitrova 
Hello everyone,
I was looking into some library updates these dates as per user requests.
This made me think about one thing. As we approach the new version release,
were the versions of the libraries cassandra depends on sanitized in any
way? Is there an overall view or plans for updates? Or is it done on a
case by case basis?
If it is not done, do you think it would be a good idea to get a certain
view on those and see what can be easily updated? I know it is late for big
rewrites but at least maybe we can update to new versions those which don't
introduce big changes?
Any thoughts? Objections?

Ekaterina Dimitrova | Software Engineer
ekaterina.dimitr...@datastax.com | datastax.com