You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@flume.apache.org by Ralph Goers <ra...@dslextreme.com> on 2022/07/31 23:16:15 UTC
[VOTE] Release Apache Flume 1.10.1-RC1
This is a vote to release Flume 1.10.1, the next version of the Apache Flume project.
Please download, test, and cast your votes on the Flume developers list.
[] +1, release the artifacts
[] -1, don't release because...
The vote will remain open for 72 hours. All votes are welcome and we encourage everyone to test the release, but only Flume PMC votes are “officially” counted. As always, at least 3 +1 votes and more positive than negative votes are required.
Changes in this release can be found at https://flume.staged.apache.org/releases/1.10.1.html.
Tag:
a) for a new copy do "git clone https://github.com/apache/flume.git and then "git checkout tags/flume-1.10.1-rc1” or just "git clone -b lflume-1.10.1-rc1 https://github.com/apache/flume.git"
b) for an existing working copy to “git pull” and then “git checkout tags/flume-1.10.1-rc1”
Web Site: https://flume.staged.apache.org/.
Maven Artifacts: https://repository.apache.org/content/repositories/orgapacheflume-1036.
Distribution archives: https://dist.apache.org/repos/dist/dev/flume/
You may download all the Maven artifacts by executing:
wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate https://repository.apache.org/content/repositories/orgapacheflume-1036/org/apache/flume/
Ralph
Re: [VOTE] Release Apache Flume 1.10.1-RC1
Posted by Ralph Goers <ra...@dslextreme.com>.
I am cancelling this vote due to a bug report that I believe is important enough to respin the release candidate.
> On Aug 3, 2022, at 1:18 PM, Ralph Goers <ra...@dslextreme.com> wrote:
>
> Here is my +`1.
>
> Note that the 72 hour window is up in about 3 hours. We still need 2 more votes. Please review the release.
>
> Ralph
>
>> On Jul 31, 2022, at 4:16 PM, Ralph Goers <ra...@dslextreme.com> wrote:
>>
>> This is a vote to release Flume 1.10.1, the next version of the Apache Flume project.
>>
>> Please download, test, and cast your votes on the Flume developers list.
>> [] +1, release the artifacts
>> [] -1, don't release because...
>>
>> The vote will remain open for 72 hours. All votes are welcome and we encourage everyone to test the release, but only Flume PMC votes are “officially” counted. As always, at least 3 +1 votes and more positive than negative votes are required.
>>
>> Changes in this release can be found at https://flume.staged.apache.org/releases/1.10.1.html.
>>
>> Tag:
>> a) for a new copy do "git clone https://github.com/apache/flume.git and then "git checkout tags/flume-1.10.1-rc1” or just "git clone -b lflume-1.10.1-rc1 https://github.com/apache/flume.git"
>> b) for an existing working copy to “git pull” and then “git checkout tags/flume-1.10.1-rc1”
>>
>> Web Site: https://flume.staged.apache.org/.
>>
>> Maven Artifacts: https://repository.apache.org/content/repositories/orgapacheflume-1036.
>>
>> Distribution archives: https://dist.apache.org/repos/dist/dev/flume/
>>
>> You may download all the Maven artifacts by executing:
>> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate https://repository.apache.org/content/repositories/orgapacheflume-1036/org/apache/flume/
>>
>> Ralph
>
Re: [VOTE] Release Apache Flume 1.10.1-RC1
Posted by Ralph Goers <ra...@dslextreme.com>.
Here is my +`1.
Note that the 72 hour window is up in about 3 hours. We still need 2 more votes. Please review the release.
Ralph
> On Jul 31, 2022, at 4:16 PM, Ralph Goers <ra...@dslextreme.com> wrote:
>
> This is a vote to release Flume 1.10.1, the next version of the Apache Flume project.
>
> Please download, test, and cast your votes on the Flume developers list.
> [] +1, release the artifacts
> [] -1, don't release because...
>
> The vote will remain open for 72 hours. All votes are welcome and we encourage everyone to test the release, but only Flume PMC votes are “officially” counted. As always, at least 3 +1 votes and more positive than negative votes are required.
>
> Changes in this release can be found at https://flume.staged.apache.org/releases/1.10.1.html.
>
> Tag:
> a) for a new copy do "git clone https://github.com/apache/flume.git and then "git checkout tags/flume-1.10.1-rc1” or just "git clone -b lflume-1.10.1-rc1 https://github.com/apache/flume.git"
> b) for an existing working copy to “git pull” and then “git checkout tags/flume-1.10.1-rc1”
>
> Web Site: https://flume.staged.apache.org/.
>
> Maven Artifacts: https://repository.apache.org/content/repositories/orgapacheflume-1036.
>
> Distribution archives: https://dist.apache.org/repos/dist/dev/flume/
>
> You may download all the Maven artifacts by executing:
> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate https://repository.apache.org/content/repositories/orgapacheflume-1036/org/apache/flume/
>
> Ralph
Re: [VOTE] Release Apache Flume 1.10.1-RC1
Posted by Ralph Goers <ra...@dslextreme.com>.
It looks like this is a big deal. From what I can tell avro-ipc-netty was created in Avro 1.9.0. All the Netty stuff is in org.apache.avro.ipc.netty from that release on. Prior to that the Netty stuff was in the avro jar under org.apache.avro.ipc.
So to change to 1.7.7 the avro-ipc-netty (and probably avro-ipc-jetty) dependencies would have to be removed and everywhere the support is used it would have to be changed to reference the old package. But I not sure if there are other dependencies that require the newer dependencies.
In short, I am not prepared to go down that rabbit hole. If we really want to support a twitter source then it should be upgraded to newer APIs as Sean had mentioned.
Ralph
> On Aug 1, 2022, at 8:23 AM, Ralph Goers <ra...@dslextreme.com> wrote:
>
> I did a search for AVRO security issues and found one for the .NET SDK at 1.10.2 and earlier. I am wondering if security scans are going to flag that even though it shouldn’t apply to Java code.
>
> I also see CVE-2019-17195 which doesn’t make a lot of sense to me. It looks like a transitive dependency has an issue and somehow a CVE was created for AVRO because the dependency was used in a Docker image. That should not apply to Flume.
>
> I’ll try reverting the version and running another build.
>
> Ralph
>
>> On Aug 1, 2022, at 12:48 AM, Tristan Stevens <tr...@apache.org> wrote:
>>
>> Hi all,
>> Sean reported that the Twitter4j integration was failing last time, seemingly because of an Avro bug. I suggest we roll Avro back to 1.7.7 for this release.
>>
>> Sean - grateful for your thoughts as to how important this is.
>>
>> Tristan
>>
>> Get Outlook for Android<https://aka.ms/AAb9ysg>
>> ________________________________
>> From: Ralph Goers <ra...@dslextreme.com>
>> Sent: Monday, August 1, 2022 1:16:15 AM
>> To: dev@flume.apache.org <de...@flume.apache.org>
>> Cc: private@flume.apache.org <pr...@flume.apache.org>
>> Subject: [VOTE] Release Apache Flume 1.10.1-RC1
>>
>> This is a vote to release Flume 1.10.1, the next version of the Apache Flume project.
>>
>> Please download, test, and cast your votes on the Flume developers list.
>> [] +1, release the artifacts
>> [] -1, don't release because...
>>
>> The vote will remain open for 72 hours. All votes are welcome and we encourage everyone to test the release, but only Flume PMC votes are “officially” counted. As always, at least 3 +1 votes and more positive than negative votes are required.
>>
>> Changes in this release can be found at https://flume.staged.apache.org/releases/1.10.1.html.
>>
>> Tag:
>> a) for a new copy do "git clone https://github.com/apache/flume.git and then "git checkout tags/flume-1.10.1-rc1” or just "git clone -b lflume-1.10.1-rc1 https://github.com/apache/flume.git"
>> b) for an existing working copy to “git pull” and then “git checkout tags/flume-1.10.1-rc1”
>>
>> Web Site: https://flume.staged.apache.org/.
>>
>> Maven Artifacts: https://repository.apache.org/content/repositories/orgapacheflume-1036.
>>
>> Distribution archives: https://dist.apache.org/repos/dist/dev/flume/
>>
>> You may download all the Maven artifacts by executing:
>> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate https://repository.apache.org/content/repositories/orgapacheflume-1036/org/apache/flume/
>>
>> Ralph
>
Re: [VOTE] Release Apache Flume 1.10.1-RC1
Posted by Ralph Goers <ra...@dslextreme.com>.
I did a search for AVRO security issues and found one for the .NET SDK at 1.10.2 and earlier. I am wondering if security scans are going to flag that even though it shouldn’t apply to Java code.
I also see CVE-2019-17195 which doesn’t make a lot of sense to me. It looks like a transitive dependency has an issue and somehow a CVE was created for AVRO because the dependency was used in a Docker image. That should not apply to Flume.
I’ll try reverting the version and running another build.
Ralph
> On Aug 1, 2022, at 12:48 AM, Tristan Stevens <tr...@apache.org> wrote:
>
> Hi all,
> Sean reported that the Twitter4j integration was failing last time, seemingly because of an Avro bug. I suggest we roll Avro back to 1.7.7 for this release.
>
> Sean - grateful for your thoughts as to how important this is.
>
> Tristan
>
> Get Outlook for Android<https://aka.ms/AAb9ysg>
> ________________________________
> From: Ralph Goers <ra...@dslextreme.com>
> Sent: Monday, August 1, 2022 1:16:15 AM
> To: dev@flume.apache.org <de...@flume.apache.org>
> Cc: private@flume.apache.org <pr...@flume.apache.org>
> Subject: [VOTE] Release Apache Flume 1.10.1-RC1
>
> This is a vote to release Flume 1.10.1, the next version of the Apache Flume project.
>
> Please download, test, and cast your votes on the Flume developers list.
> [] +1, release the artifacts
> [] -1, don't release because...
>
> The vote will remain open for 72 hours. All votes are welcome and we encourage everyone to test the release, but only Flume PMC votes are “officially” counted. As always, at least 3 +1 votes and more positive than negative votes are required.
>
> Changes in this release can be found at https://flume.staged.apache.org/releases/1.10.1.html.
>
> Tag:
> a) for a new copy do "git clone https://github.com/apache/flume.git and then "git checkout tags/flume-1.10.1-rc1” or just "git clone -b lflume-1.10.1-rc1 https://github.com/apache/flume.git"
> b) for an existing working copy to “git pull” and then “git checkout tags/flume-1.10.1-rc1”
>
> Web Site: https://flume.staged.apache.org/.
>
> Maven Artifacts: https://repository.apache.org/content/repositories/orgapacheflume-1036.
>
> Distribution archives: https://dist.apache.org/repos/dist/dev/flume/
>
> You may download all the Maven artifacts by executing:
> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate https://repository.apache.org/content/repositories/orgapacheflume-1036/org/apache/flume/
>
> Ralph
Re: [VOTE] Release Apache Flume 1.10.1-RC1
Posted by Tristan Stevens <tr...@apache.org>.
Hi all,
Sean reported that the Twitter4j integration was failing last time, seemingly because of an Avro bug. I suggest we roll Avro back to 1.7.7 for this release.
Sean - grateful for your thoughts as to how important this is.
Tristan
Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: Ralph Goers <ra...@dslextreme.com>
Sent: Monday, August 1, 2022 1:16:15 AM
To: dev@flume.apache.org <de...@flume.apache.org>
Cc: private@flume.apache.org <pr...@flume.apache.org>
Subject: [VOTE] Release Apache Flume 1.10.1-RC1
This is a vote to release Flume 1.10.1, the next version of the Apache Flume project.
Please download, test, and cast your votes on the Flume developers list.
[] +1, release the artifacts
[] -1, don't release because...
The vote will remain open for 72 hours. All votes are welcome and we encourage everyone to test the release, but only Flume PMC votes are “officially” counted. As always, at least 3 +1 votes and more positive than negative votes are required.
Changes in this release can be found at https://flume.staged.apache.org/releases/1.10.1.html.
Tag:
a) for a new copy do "git clone https://github.com/apache/flume.git and then "git checkout tags/flume-1.10.1-rc1” or just "git clone -b lflume-1.10.1-rc1 https://github.com/apache/flume.git"
b) for an existing working copy to “git pull” and then “git checkout tags/flume-1.10.1-rc1”
Web Site: https://flume.staged.apache.org/.
Maven Artifacts: https://repository.apache.org/content/repositories/orgapacheflume-1036.
Distribution archives: https://dist.apache.org/repos/dist/dev/flume/
You may download all the Maven artifacts by executing:
wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate https://repository.apache.org/content/repositories/orgapacheflume-1036/org/apache/flume/
Ralph