Hi Wei-Chiu, Thank you for starting the discussion.
I thought the same thing about 2 years ago when I tried to upgrade the Jersey version in https://issues.apache.org/jira/browse/HADOOP-15984 and found it's really hard to upgrade it in YARN. Now I still think it makes sense to move the code to separate repo and a different release line. That can make upgrading the Jersey version and the Java version much easier (Java version upgrades are blocked by HADOOP-15984). Thanks, Akira On Wed, Jun 28, 2023 at 6:00 AM Wei-Chiu Chuang <weic...@apache.org> wrote: > Hi, > > First of all, I am not familiar with YARN code so I'm not really in > the position to make such a claim. But while releasing Hadoop 3.3.6, I > found that a number of YARN modules are seldom updated nor maintained. > > 1. There are hundreds of npm javascript module vulnerability alerts in > GitHub repo, many of them at critical level. > 2. There are very little bug fixes and features in YARN applications, YARN > CSI and YARN registry. There are only occasional updates due to typos, or > dependency updates, which suggests that they aren't being actively > maintained. > > I wonder if there are developers actively using or maintaining them. Would > it make sense to move the code to a separate repo and a different release > line? Or even deprecate them? Because having ill-maintained code is a > burden for release managers. > > Thoughts? Looking for feedbacks > Weichiu >