You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pulsar.apache.org by Lari Hotari <La...@hotari.net> on 2021/05/31 07:00:42 UTC
Re: Updates on Presto connector for PIP-62
Hi Sijie,
Can we make it before the 2.8.0 release?
I hope we could do it. Currently the Presto distribution as part of Apache
Pulsar distribution causes some issues. Security Vulnerability Scanners
such as Sonatype IQ server flag the Pulsar distribution as vulnerable
because of the old libraries included in the Presto distribution which is
bundled as part of the Pulsar distributions.
These are the issues caused by Presto distribution in the master branch:
pkg:maven/com.ning/async-http-client@1.6.5
<https://ossindex.sonatype.org/component/pkg:maven/com.ning/async-http-client@1.6.5?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5>
pkg:maven/org.eclipse.jetty/jetty-io@9.4.27.v20200227
<https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-io@9.4.27.v20200227?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5>
pkg:maven/org.eclipse.jetty/jetty-server@9.4.27.v20200227
<https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-server@9.4.27.v20200227?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5>
pkg:maven/io.netty/netty@3.10.6.Final
<https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty@3.10.6.Final?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5>
pkg:maven/com.squareup.okhttp3/okhttp@3.9.0
<https://ossindex.sonatype.org/component/pkg:maven/com.squareup.okhttp3/okhttp@3.9.0?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5>
pkg:maven/org.codehaus.plexus/plexus-utils@2.0.6
<https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.plexus/plexus-utils@2.0.6?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5>
(This list is from OWASP Dependency Check, created with command "mvn clean
install -DskipTests; mvn -Pmain,skip-all,skipDocker,owasp-dependency-check
initialize verify -pl distribution/server")
If we cannot make it before the 2.8.0 release, what is the updated
schedule? Is someone actively working on contributing the Pulsar connector
to the Trino project?
BR, Lari
On Tue, Apr 27, 2021 at 1:10 AM Sijie Guo <gu...@gmail.com> wrote:
> We will try to make it before the 2.8.0 release. If we can't make it, we
> will still release the presto connector for 2.8.0 and remove it once it
> lands in upstream Trino.
>
> - Sijie
>
> On Mon, Apr 26, 2021 at 1:43 PM Enrico Olivelli <eo...@gmail.com>
> wrote:
>
> > Il giorno lun 26 apr 2021 alle ore 21:47 Jerry Peng
> > <je...@gmail.com> ha scritto:
> > >
> > > Sijie,
> > >
> > > Sounds good!
> > >
> > > On Mon, Apr 26, 2021 at 11:48 AM Sijie Guo <si...@apache.org> wrote:
> > >
> > > > Hi all,
> > > >
> > > > I want to share an update on the presto connector for PIP-62.
> > > >
> > > > We have talked to the Trino community about contributing the
> > Presto/Trino
> > > > connector to the Trino project. The Trino community is happy to
> accept
> > the
> > > > connector.
> >
> > This is great news
> >
> > So we will stop the work of moving the presto connector out of
> > > > the main repo for PIP-62. Instead, we will focus on contributing the
> > presto
> > > > connector to the Trino project. After that is done, we will remove
> the
> > > > presto connector from the master.
> >
> > Do you think that this will happen before cutting 2.8.0 release ?
> >
> > Enrico
> >
> > > >
> > > > Let me know if you have any questions.
> > > >
> > > > Thanks,
> > > > Sijie
> > > >
> >
>
Re: Updates on Presto connector for PIP-62
Posted by Sijie Guo <gu...@gmail.com>.
Zhenxin,
We should delete the presto connector after Trino merged the PR. We don't
maintain two copies of code.
Can you provide the Github PR in the Trino repo? So people can track their
progress.
- Sijie
On Tue, Jun 1, 2021 at 9:18 PM Zhengxin Cai <ca...@gmail.com> wrote:
> Actually we're in the process of contributing the Trino(formerly PrestoSQL)
> connector back to Trino repo.
> I'm not sure if we still want to maintain the connector in the Pulsar repo
> after that?
> It's just gonna be super hard to maintain 2 copies of the code and porting
> patch between them, and most likely they'll eventually diverge from each
> other.
>
> Lari Hotari <La...@hotari.net> 于2021年5月31日周一 下午3:01写道:
>
> > Hi Sijie,
> >
> > Can we make it before the 2.8.0 release?
> >
> > I hope we could do it. Currently the Presto distribution as part of
> Apache
> > Pulsar distribution causes some issues. Security Vulnerability Scanners
> > such as Sonatype IQ server flag the Pulsar distribution as vulnerable
> > because of the old libraries included in the Presto distribution which is
> > bundled as part of the Pulsar distributions.
> >
> > These are the issues caused by Presto distribution in the master branch:
> > pkg:maven/com.ning/async-http-client@1.6.5
> > <
> >
> https://ossindex.sonatype.org/component/pkg:maven/com.ning/async-http-client@1.6.5?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5
> > >
> > pkg:maven/org.eclipse.jetty/jetty-io@9.4.27.v20200227
> > <
> >
> https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-io@9.4.27.v20200227?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5
> > >
> > pkg:maven/org.eclipse.jetty/jetty-server@9.4.27.v20200227
> > <
> >
> https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-server@9.4.27.v20200227?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5
> > >
> > pkg:maven/io.netty/netty@3.10.6.Final
> > <
> >
> https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty@3.10.6.Final?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5
> > >
> > pkg:maven/com.squareup.okhttp3/okhttp@3.9.0
> > <
> >
> https://ossindex.sonatype.org/component/pkg:maven/com.squareup.okhttp3/okhttp@3.9.0?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5
> > >
> > pkg:maven/org.codehaus.plexus/plexus-utils@2.0.6
> > <
> >
> https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.plexus/plexus-utils@2.0.6?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5
> > >
> > (This list is from OWASP Dependency Check, created with command "mvn
> clean
> > install -DskipTests; mvn
> -Pmain,skip-all,skipDocker,owasp-dependency-check
> > initialize verify -pl distribution/server")
> >
> > If we cannot make it before the 2.8.0 release, what is the updated
> > schedule? Is someone actively working on contributing the Pulsar
> connector
> > to the Trino project?
> >
> > BR, Lari
> >
> >
> > On Tue, Apr 27, 2021 at 1:10 AM Sijie Guo <gu...@gmail.com> wrote:
> >
> > > We will try to make it before the 2.8.0 release. If we can't make it,
> we
> > > will still release the presto connector for 2.8.0 and remove it once it
> > > lands in upstream Trino.
> > >
> > > - Sijie
> > >
> > > On Mon, Apr 26, 2021 at 1:43 PM Enrico Olivelli <eo...@gmail.com>
> > > wrote:
> > >
> > > > Il giorno lun 26 apr 2021 alle ore 21:47 Jerry Peng
> > > > <je...@gmail.com> ha scritto:
> > > > >
> > > > > Sijie,
> > > > >
> > > > > Sounds good!
> > > > >
> > > > > On Mon, Apr 26, 2021 at 11:48 AM Sijie Guo <si...@apache.org>
> wrote:
> > > > >
> > > > > > Hi all,
> > > > > >
> > > > > > I want to share an update on the presto connector for PIP-62.
> > > > > >
> > > > > > We have talked to the Trino community about contributing the
> > > > Presto/Trino
> > > > > > connector to the Trino project. The Trino community is happy to
> > > accept
> > > > the
> > > > > > connector.
> > > >
> > > > This is great news
> > > >
> > > > So we will stop the work of moving the presto connector out of
> > > > > > the main repo for PIP-62. Instead, we will focus on contributing
> > the
> > > > presto
> > > > > > connector to the Trino project. After that is done, we will
> remove
> > > the
> > > > > > presto connector from the master.
> > > >
> > > > Do you think that this will happen before cutting 2.8.0 release ?
> > > >
> > > > Enrico
> > > >
> > > > > >
> > > > > > Let me know if you have any questions.
> > > > > >
> > > > > > Thanks,
> > > > > > Sijie
> > > > > >
> > > >
> > >
> >
>
Re: Updates on Presto connector for PIP-62
Posted by Zhengxin Cai <ca...@gmail.com>.
Actually we're in the process of contributing the Trino(formerly PrestoSQL)
connector back to Trino repo.
I'm not sure if we still want to maintain the connector in the Pulsar repo
after that?
It's just gonna be super hard to maintain 2 copies of the code and porting
patch between them, and most likely they'll eventually diverge from each
other.
Lari Hotari <La...@hotari.net> 于2021年5月31日周一 下午3:01写道:
> Hi Sijie,
>
> Can we make it before the 2.8.0 release?
>
> I hope we could do it. Currently the Presto distribution as part of Apache
> Pulsar distribution causes some issues. Security Vulnerability Scanners
> such as Sonatype IQ server flag the Pulsar distribution as vulnerable
> because of the old libraries included in the Presto distribution which is
> bundled as part of the Pulsar distributions.
>
> These are the issues caused by Presto distribution in the master branch:
> pkg:maven/com.ning/async-http-client@1.6.5
> <
> https://ossindex.sonatype.org/component/pkg:maven/com.ning/async-http-client@1.6.5?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5
> >
> pkg:maven/org.eclipse.jetty/jetty-io@9.4.27.v20200227
> <
> https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-io@9.4.27.v20200227?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5
> >
> pkg:maven/org.eclipse.jetty/jetty-server@9.4.27.v20200227
> <
> https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-server@9.4.27.v20200227?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5
> >
> pkg:maven/io.netty/netty@3.10.6.Final
> <
> https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty@3.10.6.Final?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5
> >
> pkg:maven/com.squareup.okhttp3/okhttp@3.9.0
> <
> https://ossindex.sonatype.org/component/pkg:maven/com.squareup.okhttp3/okhttp@3.9.0?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5
> >
> pkg:maven/org.codehaus.plexus/plexus-utils@2.0.6
> <
> https://ossindex.sonatype.org/component/pkg:maven/org.codehaus.plexus/plexus-utils@2.0.6?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.5
> >
> (This list is from OWASP Dependency Check, created with command "mvn clean
> install -DskipTests; mvn -Pmain,skip-all,skipDocker,owasp-dependency-check
> initialize verify -pl distribution/server")
>
> If we cannot make it before the 2.8.0 release, what is the updated
> schedule? Is someone actively working on contributing the Pulsar connector
> to the Trino project?
>
> BR, Lari
>
>
> On Tue, Apr 27, 2021 at 1:10 AM Sijie Guo <gu...@gmail.com> wrote:
>
> > We will try to make it before the 2.8.0 release. If we can't make it, we
> > will still release the presto connector for 2.8.0 and remove it once it
> > lands in upstream Trino.
> >
> > - Sijie
> >
> > On Mon, Apr 26, 2021 at 1:43 PM Enrico Olivelli <eo...@gmail.com>
> > wrote:
> >
> > > Il giorno lun 26 apr 2021 alle ore 21:47 Jerry Peng
> > > <je...@gmail.com> ha scritto:
> > > >
> > > > Sijie,
> > > >
> > > > Sounds good!
> > > >
> > > > On Mon, Apr 26, 2021 at 11:48 AM Sijie Guo <si...@apache.org> wrote:
> > > >
> > > > > Hi all,
> > > > >
> > > > > I want to share an update on the presto connector for PIP-62.
> > > > >
> > > > > We have talked to the Trino community about contributing the
> > > Presto/Trino
> > > > > connector to the Trino project. The Trino community is happy to
> > accept
> > > the
> > > > > connector.
> > >
> > > This is great news
> > >
> > > So we will stop the work of moving the presto connector out of
> > > > > the main repo for PIP-62. Instead, we will focus on contributing
> the
> > > presto
> > > > > connector to the Trino project. After that is done, we will remove
> > the
> > > > > presto connector from the master.
> > >
> > > Do you think that this will happen before cutting 2.8.0 release ?
> > >
> > > Enrico
> > >
> > > > >
> > > > > Let me know if you have any questions.
> > > > >
> > > > > Thanks,
> > > > > Sijie
> > > > >
> > >
> >
>