You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/08/31 20:07:09 UTC

[GitHub] [airflow] potiuk opened a new pull request #10668: Remove requirements from the project.

potiuk opened a new pull request #10668:
URL: https://github.com/apache/airflow/pull/10668


   The requirements are not needed any more. We replaced them
   with a new, better "constraints" mechanism where constraints
   are stored in a separate, orphaned branches in the repository
   and they are automatically maintained by the CI process.
   
   See more about our dependency management process here:
   
   https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#pinned-constraint-files
   
   ---
   **^ Add meaningful description above**
   
   Read the **[Pull Request Guidelines](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#pull-request-guidelines)** for more information.
   In case of fundamental code change, Airflow Improvement Proposal ([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvements+Proposals)) is needed.
   In case of a new dependency, check compliance with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x).
   In case of backwards incompatible changes please leave a note in [UPDATING.md](https://github.com/apache/airflow/blob/master/UPDATING.md).
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on pull request #10668: Remove requirements from the project.

Posted by GitBox <gi...@apache.org>.

potiuk commented on pull request #10668:
URL: https://github.com/apache/airflow/pull/10668#issuecomment-684009873


   Since we already released 1.10.12 - we can now safely remove the requirement files. The image building process for both 1.10 and master branch is not using them any more. 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk edited a comment on pull request #10668: Remove requirements from the project.

Posted by GitBox <gi...@apache.org>.

potiuk edited a comment on pull request #10668:
URL: https://github.com/apache/airflow/pull/10668#issuecomment-684026184


   Looing forward to result of Snyk with those removed :)


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] ryw merged pull request #10668: Remove requirements from the project.

Posted by GitBox <gi...@apache.org>.

ryw merged pull request #10668:
URL: https://github.com/apache/airflow/pull/10668


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on pull request #10668: Remove requirements from the project.

Posted by GitBox <gi...@apache.org>.

potiuk commented on pull request #10668:
URL: https://github.com/apache/airflow/pull/10668#issuecomment-684016811


   Fun fact: I lost the trust in Black Duck when we saw a number of games (?) detected in the source code of Android (where there was obviously none of them present) and when we had to hire 4 students for a few day so that they would go through the list of "potential" problems to filter out false positives from the real problems. Manually. One by one. And after they've done that (after some instructions we provided to them) I personally looked through what's left and filtered out few hundred of false positives.
   
   True story (TM). Good Luck @ryw !
   
   (Obviously with Airflow it will be far less work to filter out false positives, I just wanted to share this personal experience here for fun).


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on pull request #10668: Remove requirements from the project.

Posted by GitBox <gi...@apache.org>.

potiuk commented on pull request #10668:
URL: https://github.com/apache/airflow/pull/10668#issuecomment-684026184


   Looing forward to result of Snyke with those removed :)


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] ryw commented on pull request #10668: Remove requirements from the project.

Posted by GitBox <gi...@apache.org>.

ryw commented on pull request #10668:
URL: https://github.com/apache/airflow/pull/10668#issuecomment-684025015


   Yes scanners have been no fun for me either - but cleaning this up as much as possible helps us to avoid probably hundreds of frustrating conversations :)


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on pull request #10668: Remove requirements from the project.

Posted by GitBox <gi...@apache.org>.

potiuk commented on pull request #10668:
URL: https://github.com/apache/airflow/pull/10668#issuecomment-684014007


   > Looks good to me - will report back what Snyk thinks of Airflow w/ these files removed, once this PR is merged :)
   
   Yep. I am always interested in those scanners. I used BlackDuck quite heavily (including building some automation around it) and it was pretty traumatic experience. A number of false positives and unhelpful information was staggering.
   
   Maybe because it was on Android Lollipop source code (460+ Open Source repositories to scan), but I am not trusting those scanners too much - especially not believing in the "magic" they say they do. Often they fail in basic understanding what is a real requirement and what they think it is.  
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk edited a comment on pull request #10668: Remove requirements from the project.

Posted by GitBox <gi...@apache.org>.

potiuk edited a comment on pull request #10668:
URL: https://github.com/apache/airflow/pull/10668#issuecomment-684016811


   Fun fact: I lost the trust in Black Duck when we saw a number of games (?) detected in the source code of Android (where there was obviously none of them present) and when we had to hire 4 students for a few days so that they would go through the list of "potential" problems to filter out false positives from the real problems. Manually. One by one. And after they've done that (after some instructions we provided to them) I personally looked through what's left and filtered out few hundred of false positives.
   
   True story (TM). Good Luck @ryw !
   
   (Obviously with Airflow it will be far less work to filter out false positives, I just wanted to share this personal experience here for fun).


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org