[jira] [Commented] (YARN-5433) Audit dependencies for Category-X

Fri, 21 Oct 2016 15:25:10 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-5433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15596537#comment-15596537
 ] 

Andrew Wang commented on YARN-5433:
-----------------------------------

findbugs is the most glaring issue, but we should check all the new 
dependencies brought in by the TSv2 merge. The discussion on HADOOP-12893 has 
the full list of methods, but it boils down to:

* Run http://www.mojohaus.org/license-maven-plugin/ to look for potential bad 
maven dependencies. The spreadsheet at HADOOP-12893 addresses the false 
positives found by the plugin for existing libraries.
* Check for any new third-party source code that's been copied in. This is 
mainly JS and native code.

> Audit dependencies for Category-X
> ---------------------------------
>
>                 Key: YARN-5433
>                 URL: https://issues.apache.org/jira/browse/YARN-5433
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: timelineserver
>    Affects Versions: 3.0.0-alpha1
>            Reporter: Sean Busbey
>            Assignee: Sangjin Lee
>            Priority: Blocker
>
> Recently phoenix has found some category-x dependencies in their build 
> (PHOENIX-3084, PHOENIX-3091), which also showed some problems in HBase 
> (HBASE-16260).
> Since the Timeline Server work brought in both of these as dependencies, we 
> should make sure we don't have any cat-x dependencies either. From what I've 
> seen in those projects, our choice of HBase version shouldn't be impacted but 
> our Phoenix one is.
> Greping our current dependency list for the timeline server component shows 
> some LGPL:
> {code}
> ...
> [INFO]    net.sourceforge.findbugs:annotations:jar:1.3.2:compile
> ...
> {code}
> I haven't checked the rest of the dependencies that have changed since 
> HADOOP-12893 went in, so ATM I've filed this against YARN since that's where 
> this one example came in.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to