ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Pordash <nickpord...@gmail.com>
Subject Re: Policy for update third-party dependencies
Date Sun, 20 Aug 2017 20:02:04 GMT
If the dependency is not exposed by the public API then another alternative
is to simply shade the artifact and then this becomes a non-issue for
users.

Considering Ignite is a platform that executes user code via compute and
service grid I personally think it would be good to minimize the number of
dependencies that can potentially conflict with user code.

-Nick

On Sun, Aug 20, 2017, 11:51 AM Valentin Kulichenko <
valentin.kulichenko@gmail.com> wrote:

> Guys,
>
> Keep in mind that some projects can use *older* version of third-party
> libraries as well, and dependency upgrade can break them. In other words,
> dependency upgrade is in many cases an incompatible change for us, so we
> should do this with care.
>
> Unless there is a specific reason to upgrade a specific dependency, I think
> it's better to postpone it until major version.
>
> -Val
>
> On Sun, Aug 20, 2017 at 5:04 AM 李玉珏@163 <18624049226@163.com> wrote:
>
> > If the third party library is incompatible with the new version and the
> > old version (such as lucene3.5.0-5.5.2), and the dependent version of
> > Ignite is older, it may cause conflicts in the user's system.
> > For such scenarios, I think that updating third-party dependencies's
> > major version is valuable.
> >
> >
> > 在 2017/8/17 上午8:26, Denis Magda 写道:
> > > I would respond why do we need to update? Some bug, new capabilities,
> > security breach? Alexey K., please shed some light on this.
> > >
> > > —
> > > Denis
> > >
> > >> On Aug 16, 2017, at 5:12 PM, Dmitriy Setrakyan <dsetrakyan@apache.org
> >
> > wrote:
> > >>
> > >> On Wed, Aug 16, 2017 at 5:02 PM, Denis Magda <dmagda@apache.org>
> wrote:
> > >>
> > >>> Honestly, I wouldn’t touch a dependency if it works like a charm
and
> > >>> nobody requested us to migrate to a new version.
> > >>>
> > >>> Why do you need to update Apache Common coded?
> > >>>
> > >> Not sure I agree. Why not update it?
> > >>
> > >>
> > >>>
> > >>> —
> > >>> Denis
> > >>>
> > >>>> On Aug 16, 2017, at 10:36 AM, Alexey Kuznetsov <
> akuznetsov@apache.org
> > >
> > >>> wrote:
> > >>>> Done
> > >>>>
> > >>>> https://issues.apache.org/jira/browse/IGNITE-6090
> > >>>>
> > >>>> On Wed, Aug 16, 2017 at 8:01 PM, Dmitriy Setrakyan <
> > >>> dsetrakyan@apache.org>
> > >>>> wrote:
> > >>>>
> > >>>>> The answer is Yes, we should update. Jira ticket assigned to
the
> next
> > >>>>> release should be enough in my view.
> > >>>>>
> > >>>>> D.
> > >>>>>
> > >>>>> On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov <
> > >>> akuznetsov@apache.org>
> > >>>>> wrote:
> > >>>>>
> > >>>>>> Hi, All!
> > >>>>>>
> > >>>>>> Do we have any policy for updating third-party dependencies?
> > >>>>>>
> > >>>>>> For example, I found that we are using very old  Apache
Common
> codec
> > >>>>> v.1.6
> > >>>>>> (released in 2011)
> > >>>>>> And latest is Apache Common codec v.1.10
> > >>>>>>
> > >>>>>> Do we need to update to new versions from time to time?
> > >>>>>> And how?
> > >>>>>>
> > >>>>>> Just create JIRA issue, update pom.xml and run all tests
on TC -
> > will
> > >>> be
> > >>>>>> enough?
> > >>>>>>
> > >>>>>> --
> > >>>>>> Alexey Kuznetsov
> > >>>>>>
> > >>>>
> > >>>>
> > >>>> --
> > >>>> Alexey Kuznetsov
> > >>>
> >
> >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message