Posted to dev@hbase.apache.org by Sean Busbey <bu...@apache.org> on 2019/10/29 13:25:59 UTC

[DISCUSS] branch-1 versioning and the need for a 1.5.1

Hi folks!

HBASE-23210 "Per user metrics" landed yesterday on branch-1 (thanks
Andrew!). This new feature is enough to justify a 1.6.0 and
shouldn't be in a maintenance release IMHO. As a result I plan to
update the version in branch-1 to 1.6.0 later today.

Last week I had started the process to get 1.5.1 out the door (tracked
in HBASE-23220) in order to address the same Jackson CVE that we took
care of with our latest 1.3 and 1.4 releases. Coincidentally I'm about to
merge another PR to branch-1 that addresses a new Jackson CVE.

The maintenance cost of keeping a dependency on Jackson aside, do
folks still feel like we need more 1.5.z releases?

Given our previously discussed goals to have more minor releases and
fewer maintenance releases, I'm inclined to just push forward with a
1.6.0 release and tell folks on 1.5 to upgrade. The user metrics
feature can be opted out of so I think the relative risk on upgrade is
minimal.

Re: [DISCUSS] branch-1 versioning and the need for a 1.5.1

Posted by OpenInx <op...@gmail.com>.
+1

Thanks Sean.

On Sat, Nov 2, 2019 at 9:56 AM Andrew Purtell <an...@gmail.com>
wrote:

> +1
>
> Sounds good Sean.
>
> As discussed earlier we should all feel free to bump the minor version on
> branch-1 whenever a compatibility guideline requires it.
>
> If we ever need to make a 1.5.1 or 1.5.2 for a user who is on 1.5.0 and
> requests a specific fix that conforms to patch compatibility requirements,
> and we think we should do such a release, it's easy enough to make a patch
> branch from a release tag on demand. And otherwise not worry about it.

Re: [DISCUSS] branch-1 versioning and the need for a 1.5.1

Posted by Andrew Purtell <an...@gmail.com>.
+1

Sounds good Sean. 

As discussed earlier we should all feel free to bump the minor version on branch-1 whenever a compatibility guideline requires it. 

If we ever need to make a 1.5.1 or 1.5.2 for a user who is on 1.5.0 and requests a specific fix that conforms to patch compatibility requirements, and we think we should do such a release, it's easy enough to make a patch branch from a release tag on demand. And otherwise not worry about it. 
