+1 on marking 3.2 EOL. For branch-2.10, just keeping cherry-picking critical our CVEs without release sounds good. If someone really want, I can try to put 2.10.3 up. dev-support/bin/create-release looks still working with some trivial fixes.
On Tue, Dec 5, 2023 at 7:45 PM Steve Loughran <ste...@cloudera.com.invalid> wrote: > > +1 for making 3.3 and 3.4 the maintained lines > > 3.2.x we should say -as it is true- that the age of the dependencies is > such that it is transitively insecure. To fix those, people must upgrade. > > For 2.10.x, we should think about whether to cherrypick our own CVEs there, > but not actually do any new ASF releases. > I couldn't even get hold of a java7 JDK to do the release even if I wanted > to -the same must hold for many others; getting a new release qualified > would be hard. Best to say "upgrade time'. > > > This goes well with a 3.4.0 release, as there's a clear story: we have a > new 3.4.x line stabilising, if you want something already stable move onto > 3.3.x if you hadn't already > > > > > > On Mon, 4 Dec 2023 at 12:39, Xiaoqiao He <hexiaoq...@apache.org> wrote: > > > Hi folks, > > > > There are many discussions about which release lines should we still > > consider actively > > maintained in history. I want to launch this topic again, and try to get a > > consensus. > > > > From download page[1] and active branches page[2], we have the following > > release lines: > > Hadoop 3.3 Release (release-3.3.5 at Jun 22 2022), 360 commits checked in > > since last release. > > Hadoop 3.2 Release (release-3.2.4 at Jul 11, 2022) 36 commits checked in > > since last release. > > Hadoop 2.10 Release (release-2.10.2 at May 17, 2022) 24 commits checked in > > since last release. > > > > And Hadoop 3.4.0 will be coming soon which Shilun Fan (maybe cooperating > > with Ahmar Suhail?) > > has been actively working on getting the 3.4.0 release out. > > > > Considering the less updates for some active branches, should we declare to > > our downstream > > users that some of these lines will EOL? > > > > IMO we should announce EOL branch-2.10 and branch-3.2 which are not active > > now. > > Then we could focus on minor active branches (branch-3.3 and branch-3.4) > > and increase release pace. > > > > So how about to keep branch-3.3 and branch-3.4 release lines as actively > > maintained, And mark branch-2.10 and branch-3.2 EOL? Any opinions? Thanks. > > > > Best Regards, > > - He Xiaoqiao > > > > [1] https://hadoop.apache.org/releases.html > > [2] > > > > https://cwiki.apache.org/confluence/display/HADOOP/Hadoop+Active+Release+Lines > > --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-dev-h...@hadoop.apache.org
