You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cassandra.apache.org by Ekaterina Dimitrova <ek...@datastax.com> on 2020/02/11 19:16:54 UTC
Libraries update
Hello everyone,
I was looking into some library updates these dates as per user requests.
This made me think about one thing. As we approach the new version release,
were the versions of the libraries cassandra depends on sanitized in any
way? Is there an overall view or plans for updates? Or is it done on a
case by case basis?
If it is not done, do you think it would be a good idea to get a certain
view on those and see what can be easily updated? I know it is late for big
rewrites but at least maybe we can update to new versions those which don't
introduce big changes?
Any thoughts? Objections?
Ekaterina Dimitrova | Software Engineer
ekaterina.dimitrova@datastax.com | datastax.com
<http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION&utm_+medium=email&utm_source=signature>
Re: Libraries update
Posted by Nate McCall <zz...@gmail.com>.
Quick answer to your question though is no, it's been entirely adhoc.
On Wed, Feb 12, 2020 at 8:50 AM Nate McCall <zz...@gmail.com> wrote:
> I would love to see an audit and rough plan on maintenance and evaluation
> criteria, etc added to the wiki for discussion. We've had a couple of users
> complain about library versions when including the aftifact as a dependency
> (even though we don't support this, a lot of people do it). It would be
> cool to have something to point to at the very least.
>
> Thanks for bringing this up!!
>
> On Wed, Feb 12, 2020 at 8:44 AM Ekaterina Dimitrova <
> ekaterina.dimitrova@datastax.com> wrote:
>
>> Hello everyone,
>> I was looking into some library updates these dates as per user requests.
>> This made me think about one thing. As we approach the new version
>> release,
>> were the versions of the libraries cassandra depends on sanitized in any
>> way? Is there an overall view or plans for updates? Or is it done on a
>> case by case basis?
>> If it is not done, do you think it would be a good idea to get a certain
>> view on those and see what can be easily updated? I know it is late for
>> big
>> rewrites but at least maybe we can update to new versions those which
>> don't
>> introduce big changes?
>> Any thoughts? Objections?
>>
>> Ekaterina Dimitrova | Software Engineer
>> ekaterina.dimitrova@datastax.com | datastax.com
>> <
>> http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION&utm_+medium=email&utm_source=signature
>> >
>>
>
Re: Libraries update
Posted by Nate McCall <zz...@gmail.com>.
I would love to see an audit and rough plan on maintenance and evaluation
criteria, etc added to the wiki for discussion. We've had a couple of users
complain about library versions when including the aftifact as a dependency
(even though we don't support this, a lot of people do it). It would be
cool to have something to point to at the very least.
Thanks for bringing this up!!
On Wed, Feb 12, 2020 at 8:44 AM Ekaterina Dimitrova <
ekaterina.dimitrova@datastax.com> wrote:
> Hello everyone,
> I was looking into some library updates these dates as per user requests.
> This made me think about one thing. As we approach the new version release,
> were the versions of the libraries cassandra depends on sanitized in any
> way? Is there an overall view or plans for updates? Or is it done on a
> case by case basis?
> If it is not done, do you think it would be a good idea to get a certain
> view on those and see what can be easily updated? I know it is late for big
> rewrites but at least maybe we can update to new versions those which don't
> introduce big changes?
> Any thoughts? Objections?
>
> Ekaterina Dimitrova | Software Engineer
> ekaterina.dimitrova@datastax.com | datastax.com
> <
> http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION&utm_+medium=email&utm_source=signature
> >
>
Re: Libraries update
Posted by Dinesh Joshi <dj...@apache.org>.
Hi Ekaterina,
We should regularly update libraries but we should be careful doing so in stable releases as dependency changes are inherently risky. In my experience we should take libraries with security fixes in stable releases. For unreleased versions we should take an approach of regularly auditing and updating libraries. Right now it is on a need basis when someone reports a jira.
Thanks,
Dinesh
> On Feb 20, 2020, at 1:06 PM, Ekaterina Dimitrova <ek...@datastax.com> wrote:
>
> Hi Nate, Deepak, all,
> Back to this topic. Thank you for your responses and valuable feedback.
> Definitely, the dependencies documentation and the maven repo are great
> resources.
>
> My question was really about the process to follow to update regularly the
> libraries.
>
> So my understanding is that there is no process. Thank you
>
> I saw some discussions on slack after my email. Different people have
> different experiences with this from a variety of projects which is great.
> Do you want me to summarize and try to come up with options?
>
> Ekaterina Dimitrova | Software Engineer
> ekaterina.dimitrova@datastax.com | datastax.com
> <http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION&utm_+medium=email&utm_source=signature>
>
>
>>
>> *From:* Deepak Vohra <dv...@yahoo.com.INVALID>
>> *Date:* 11 February 2020, 17:14:56 GMT-5
>> *To:* dev@cassandra.apache.org
>> *Subject:* *Re: Libraries update*
>> *Reply-To:* dev@cassandra.apache.org
>>
>> For specific versions of dependencies scroll down for the Compile
>> Dependencies and Managed Dependencies at Maven Repository:
>> org.apache.cassandra » cassandra-all » 4.0-alpha3
>>
>>
>> |
>> |
>> |
>> | | |
>>
>> |
>>
>> |
>> |
>> | |
>> Maven Repository: org.apache.cassandra » cassandra-all » 4.0-alpha3
>>
>>
>> |
>>
>> |
>>
>> |
>>
>>
>>
>> Or, if not these, what other dependencies are being referred
>> to?thanks,Deepak On Tuesday, February 11, 2020, 08:09:41 p.m. UTC, Tomo
>> Suzuki <su...@google.com.invalid> wrote:
>>
>> do you think it would be a good idea to get a certain
>>
>> view on those and see what can be easily updated?
>>
>> Yes!
>> With more up-to-date dependencies, Cassandra will work with other open
>> source software smoothly. Looking forward.
>>
>> On Tue, Feb 11, 2020 at 2:44 PM Ekaterina Dimitrova
>> <ek...@datastax.com> wrote:
>>
>>
>> Hello everyone,
>>
>> I was looking into some library updates these dates as per user requests.
>>
>> This made me think about one thing. As we approach the new version release,
>>
>> were the versions of the libraries cassandra depends on sanitized in any
>>
>> way? Is there an overall view or plans for updates? Or is it done on a
>>
>> case by case basis?
>>
>> If it is not done, do you think it would be a good idea to get a certain
>>
>> view on those and see what can be easily updated? I know it is late for big
>>
>> rewrites but at least maybe we can update to new versions those which don't
>>
>> introduce big changes?
>>
>> Any thoughts? Objections?
>>
>>
>> Ekaterina Dimitrova | Software Engineer
>>
>> ekaterina.dimitrova@datastax.com | datastax.com
>>
>> <
>> http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION&utm_+medium=email&utm_source=signature
>>>
>>
>>
>>
>>
>> --
>> Regards,
>> Tomo
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
>> For additional commands, e-mail: dev-help@cassandra.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
For additional commands, e-mail: dev-help@cassandra.apache.org
Re: Libraries update
Posted by Deepak Vohra <dv...@yahoo.com.INVALID>.
Updating libraries is a common problem, not unique to Cassandra. A code pipeline may be created that runs automatically with AWS CodeDeployAWS CodePipeline
But, when the pipeline runs would have to be configured by user, such as when code changes on GitHub.
On Thursday, February 20, 2020, 09:08:38 p.m. UTC, Ekaterina Dimitrova <ek...@datastax.com> wrote:
Hi Nate, Deepak, all,
Back to this topic. Thank you for your responses and valuable feedback.
Definitely, the dependencies documentation and the maven repo are great
resources.
My question was really about the process to follow to update regularly the
libraries.
So my understanding is that there is no process. Thank you
I saw some discussions on slack after my email. Different people have
different experiences with this from a variety of projects which is great.
Do you want me to summarize and try to come up with options?
Ekaterina Dimitrova | Software Engineer
ekaterina.dimitrova@datastax.com | datastax.com
<http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION&utm_+medium=email&utm_source=signature>
>
> *From:* Deepak Vohra <dv...@yahoo.com.INVALID>
> *Date:* 11 February 2020, 17:14:56 GMT-5
> *To:* dev@cassandra.apache.org
> *Subject:* *Re: Libraries update*
> *Reply-To:* dev@cassandra.apache.org
>
> For specific versions of dependencies scroll down for the Compile
> Dependencies and Managed Dependencies at Maven Repository:
> org.apache.cassandra » cassandra-all » 4.0-alpha3
>
>
> |
> |
> |
> | | |
>
> |
>
> |
> |
> | |
> Maven Repository: org.apache.cassandra » cassandra-all » 4.0-alpha3
>
>
> |
>
> |
>
> |
>
>
>
> Or, if not these, what other dependencies are being referred
> to?thanks,Deepak On Tuesday, February 11, 2020, 08:09:41 p.m. UTC, Tomo
> Suzuki <su...@google.com.invalid> wrote:
>
> do you think it would be a good idea to get a certain
>
> view on those and see what can be easily updated?
>
> Yes!
> With more up-to-date dependencies, Cassandra will work with other open
> source software smoothly. Looking forward.
>
> On Tue, Feb 11, 2020 at 2:44 PM Ekaterina Dimitrova
> <ek...@datastax.com> wrote:
>
>
> Hello everyone,
>
> I was looking into some library updates these dates as per user requests.
>
> This made me think about one thing. As we approach the new version release,
>
> were the versions of the libraries cassandra depends on sanitized in any
>
> way? Is there an overall view or plans for updates? Or is it done on a
>
> case by case basis?
>
> If it is not done, do you think it would be a good idea to get a certain
>
> view on those and see what can be easily updated? I know it is late for big
>
> rewrites but at least maybe we can update to new versions those which don't
>
> introduce big changes?
>
> Any thoughts? Objections?
>
>
> Ekaterina Dimitrova | Software Engineer
>
> ekaterina.dimitrova@datastax.com | datastax.com
>
> <
> http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION&utm_+medium=email&utm_source=signature
> >
>
>
>
>
> --
> Regards,
> Tomo
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
> For additional commands, e-mail: dev-help@cassandra.apache.org
>
>
Re: Libraries update
Posted by Ekaterina Dimitrova <ek...@datastax.com>.
Hi Nate, Deepak, all,
Back to this topic. Thank you for your responses and valuable feedback.
Definitely, the dependencies documentation and the maven repo are great
resources.
My question was really about the process to follow to update regularly the
libraries.
So my understanding is that there is no process. Thank you
I saw some discussions on slack after my email. Different people have
different experiences with this from a variety of projects which is great.
Do you want me to summarize and try to come up with options?
Ekaterina Dimitrova | Software Engineer
ekaterina.dimitrova@datastax.com | datastax.com
<http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION&utm_+medium=email&utm_source=signature>
>
> *From:* Deepak Vohra <dv...@yahoo.com.INVALID>
> *Date:* 11 February 2020, 17:14:56 GMT-5
> *To:* dev@cassandra.apache.org
> *Subject:* *Re: Libraries update*
> *Reply-To:* dev@cassandra.apache.org
>
> For specific versions of dependencies scroll down for the Compile
> Dependencies and Managed Dependencies at Maven Repository:
> org.apache.cassandra » cassandra-all » 4.0-alpha3
>
>
> |
> |
> |
> | | |
>
> |
>
> |
> |
> | |
> Maven Repository: org.apache.cassandra » cassandra-all » 4.0-alpha3
>
>
> |
>
> |
>
> |
>
>
>
> Or, if not these, what other dependencies are being referred
> to?thanks,Deepak On Tuesday, February 11, 2020, 08:09:41 p.m. UTC, Tomo
> Suzuki <su...@google.com.invalid> wrote:
>
> do you think it would be a good idea to get a certain
>
> view on those and see what can be easily updated?
>
> Yes!
> With more up-to-date dependencies, Cassandra will work with other open
> source software smoothly. Looking forward.
>
> On Tue, Feb 11, 2020 at 2:44 PM Ekaterina Dimitrova
> <ek...@datastax.com> wrote:
>
>
> Hello everyone,
>
> I was looking into some library updates these dates as per user requests.
>
> This made me think about one thing. As we approach the new version release,
>
> were the versions of the libraries cassandra depends on sanitized in any
>
> way? Is there an overall view or plans for updates? Or is it done on a
>
> case by case basis?
>
> If it is not done, do you think it would be a good idea to get a certain
>
> view on those and see what can be easily updated? I know it is late for big
>
> rewrites but at least maybe we can update to new versions those which don't
>
> introduce big changes?
>
> Any thoughts? Objections?
>
>
> Ekaterina Dimitrova | Software Engineer
>
> ekaterina.dimitrova@datastax.com | datastax.com
>
> <
> http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION&utm_+medium=email&utm_source=signature
> >
>
>
>
>
> --
> Regards,
> Tomo
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
> For additional commands, e-mail: dev-help@cassandra.apache.org
>
>
Re: Libraries update
Posted by Deepak Vohra <dv...@yahoo.com.INVALID>.
For specific versions of dependencies scroll down for the Compile Dependencies and Managed Dependencies at Maven Repository: org.apache.cassandra » cassandra-all » 4.0-alpha3
|
|
|
| | |
|
|
|
| |
Maven Repository: org.apache.cassandra » cassandra-all » 4.0-alpha3
|
|
|
Or, if not these, what other dependencies are being referred to?thanks,Deepak On Tuesday, February 11, 2020, 08:09:41 p.m. UTC, Tomo Suzuki <su...@google.com.invalid> wrote:
> do you think it would be a good idea to get a certain
view on those and see what can be easily updated?
Yes!
With more up-to-date dependencies, Cassandra will work with other open
source software smoothly. Looking forward.
On Tue, Feb 11, 2020 at 2:44 PM Ekaterina Dimitrova
<ek...@datastax.com> wrote:
>
> Hello everyone,
> I was looking into some library updates these dates as per user requests.
> This made me think about one thing. As we approach the new version release,
> were the versions of the libraries cassandra depends on sanitized in any
> way? Is there an overall view or plans for updates? Or is it done on a
> case by case basis?
> If it is not done, do you think it would be a good idea to get a certain
> view on those and see what can be easily updated? I know it is late for big
> rewrites but at least maybe we can update to new versions those which don't
> introduce big changes?
> Any thoughts? Objections?
>
> Ekaterina Dimitrova | Software Engineer
> ekaterina.dimitrova@datastax.com | datastax.com
> <http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION&utm_+medium=email&utm_source=signature>
--
Regards,
Tomo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
For additional commands, e-mail: dev-help@cassandra.apache.org
Re: Libraries update
Posted by Tomo Suzuki <su...@google.com.INVALID>.
> do you think it would be a good idea to get a certain
view on those and see what can be easily updated?
Yes!
With more up-to-date dependencies, Cassandra will work with other open
source software smoothly. Looking forward.
On Tue, Feb 11, 2020 at 2:44 PM Ekaterina Dimitrova
<ek...@datastax.com> wrote:
>
> Hello everyone,
> I was looking into some library updates these dates as per user requests.
> This made me think about one thing. As we approach the new version release,
> were the versions of the libraries cassandra depends on sanitized in any
> way? Is there an overall view or plans for updates? Or is it done on a
> case by case basis?
> If it is not done, do you think it would be a good idea to get a certain
> view on those and see what can be easily updated? I know it is late for big
> rewrites but at least maybe we can update to new versions those which don't
> introduce big changes?
> Any thoughts? Objections?
>
> Ekaterina Dimitrova | Software Engineer
> ekaterina.dimitrova@datastax.com | datastax.com
> <http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION&utm_+medium=email&utm_source=signature>
--
Regards,
Tomo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cassandra.apache.org
For additional commands, e-mail: dev-help@cassandra.apache.org
Re: Libraries update
Posted by Nate McCall <zz...@gmail.com>.
Good point Deepak - we do have:
http://cassandra.apache.org/doc/latest/development/dependencies.html
But we dont have details or process written down.
On Wed, Feb 12, 2020 at 9:02 AM Deepak Vohra <dv...@yahoo.com.invalid>
wrote:
>
> Dependency management is discussed at Documentation
>
> |
> |
> | |
> Documentation
>
> The Apache Cassandra database is the right choice when you need
> scalability and high availability without compro...
> |
>
> |
>
> |
>
>
>
> On Tuesday, February 11, 2020, 07:44:15 p.m. UTC, Ekaterina Dimitrova <
> ekaterina.dimitrova@datastax.com> wrote:
>
> Hello everyone,
> I was looking into some library updates these dates as per user requests.
> This made me think about one thing. As we approach the new version release,
> were the versions of the libraries cassandra depends on sanitized in any
> way? Is there an overall view or plans for updates? Or is it done on a
> case by case basis?
> If it is not done, do you think it would be a good idea to get a certain
> view on those and see what can be easily updated? I know it is late for big
> rewrites but at least maybe we can update to new versions those which don't
> introduce big changes?
> Any thoughts? Objections?
>
> Ekaterina Dimitrova | Software Engineer
> ekaterina.dimitrova@datastax.com | datastax.com
> <
> http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION&utm_+medium=email&utm_source=signature
> >
>
Re: Libraries update
Posted by Deepak Vohra <dv...@yahoo.com.INVALID>.
Dependency management is discussed at Documentation
|
|
| |
Documentation
The Apache Cassandra database is the right choice when you need scalability and high availability without compro...
|
|
|
On Tuesday, February 11, 2020, 07:44:15 p.m. UTC, Ekaterina Dimitrova <ek...@datastax.com> wrote:
Hello everyone,
I was looking into some library updates these dates as per user requests.
This made me think about one thing. As we approach the new version release,
were the versions of the libraries cassandra depends on sanitized in any
way? Is there an overall view or plans for updates? Or is it done on a
case by case basis?
If it is not done, do you think it would be a good idea to get a certain
view on those and see what can be easily updated? I know it is late for big
rewrites but at least maybe we can update to new versions those which don't
introduce big changes?
Any thoughts? Objections?
Ekaterina Dimitrova | Software Engineer
ekaterina.dimitrova@datastax.com | datastax.com
<http://datastax.com/?utm_campaign=FY20Q2_CONSTELLATION&utm_+medium=email&utm_source=signature>