You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hbase.apache.org by Nick Dimiduk <nd...@apache.org> on 2020/02/03 22:35:46 UTC
[DISCUSS] Hadoop dependency versions for 2.3
Hello,
I'd like to discuss the Hadoop versions we'll target for the 2.3 release
line. The topics up for discussion are: (1) what do we set as the
dependency versions in our poms as build defaults on each profile; and (2)
what is the breadth of testing to which we are able to commit for the
purposes of our compatibility matrix?
Currently our pom has:
<hadoop-two.version>2.8.5</hadoop-two.version>
<hadoop-three.version>3.1.2</hadoop-three.version>
Regarding our Hadoop 2 dependency, it seems the Hadoop project no longer
lists 2.8.x on their release page [0], though my searches have not
materialized an EOL announcement. There is a thread [1] suggesting that
there will be just one more release on 2.8 after 2.8.5, dates from
September 2019. Is this reason enough to bump forward our Hadoop-2
dependency, and if so, to what version? 2.9.2 seems a likely candidate,
however it looks like Duo's inquiry [2] as to the liveliness of that
release line has gone unanswered. 2.10.0 was release fairly recently, but
I've not seen anything to indicate that should be considered a stable
release. At this point, I'm prone to simply not touch it for 2.3.
Regarding our Hadoop 3 dependency, 3.1.2 is the latest version on that
release line. Since then, we've seen the advent of 3.2.x. I can find no
indication of the 3.2.x series being labeled as "not production ready."
There's talk of Hadoop 3.3, which will supposedly bring JDK11 support, but
I don't think it matches our timelines for HBase 2.3. Is there a reason to
advance our Hadoop 3 dependency? Likewise, at this point, I'm prone to
simply not touch it for 2.3.
Thoughts?
Thanks,
Nick
[0]: https://hadoop.apache.org/releases.html
[1]:
https://lists.apache.org/thread.html/ac7c53cf6f41d440d7ca120b2ea41fc5dc0f36041d4c03ee30d4e6d3%40%3Ccommon-dev.hadoop.apache.org%3E
[2]:
https://lists.apache.org/thread.html/0b1b5d80e6481796635c91e409dab0111387db3012d43357352108ec%40%3Ccommon-dev.hadoop.apache.org%3E
Re: [DISCUSS] Hadoop dependency versions for 2.3
Posted by Sean Busbey <bu...@apache.org>.
Unless there's a published CVE for the current minimum lines, I'd say
leave them as is.
Hadoop is usually good at keep this up to date as they announce CVEs:
https://hadoop.apache.org/cve_list.html
On Mon, Feb 3, 2020 at 4:36 PM Nick Dimiduk <nd...@apache.org> wrote:
>
> Hello,
>
> I'd like to discuss the Hadoop versions we'll target for the 2.3 release
> line. The topics up for discussion are: (1) what do we set as the
> dependency versions in our poms as build defaults on each profile; and (2)
> what is the breadth of testing to which we are able to commit for the
> purposes of our compatibility matrix?
>
> Currently our pom has:
>
> <hadoop-two.version>2.8.5</hadoop-two.version>
> <hadoop-three.version>3.1.2</hadoop-three.version>
>
> Regarding our Hadoop 2 dependency, it seems the Hadoop project no longer
> lists 2.8.x on their release page [0], though my searches have not
> materialized an EOL announcement. There is a thread [1] suggesting that
> there will be just one more release on 2.8 after 2.8.5, dates from
> September 2019. Is this reason enough to bump forward our Hadoop-2
> dependency, and if so, to what version? 2.9.2 seems a likely candidate,
> however it looks like Duo's inquiry [2] as to the liveliness of that
> release line has gone unanswered. 2.10.0 was release fairly recently, but
> I've not seen anything to indicate that should be considered a stable
> release. At this point, I'm prone to simply not touch it for 2.3.
>
> Regarding our Hadoop 3 dependency, 3.1.2 is the latest version on that
> release line. Since then, we've seen the advent of 3.2.x. I can find no
> indication of the 3.2.x series being labeled as "not production ready."
> There's talk of Hadoop 3.3, which will supposedly bring JDK11 support, but
> I don't think it matches our timelines for HBase 2.3. Is there a reason to
> advance our Hadoop 3 dependency? Likewise, at this point, I'm prone to
> simply not touch it for 2.3.
>
> Thoughts?
>
> Thanks,
> Nick
>
> [0]: https://hadoop.apache.org/releases.html
> [1]:
> https://lists.apache.org/thread.html/ac7c53cf6f41d440d7ca120b2ea41fc5dc0f36041d4c03ee30d4e6d3%40%3Ccommon-dev.hadoop.apache.org%3E
> [2]:
> https://lists.apache.org/thread.html/0b1b5d80e6481796635c91e409dab0111387db3012d43357352108ec%40%3Ccommon-dev.hadoop.apache.org%3E