Big +1 from me. As we shift our focus from ACID to Iceberg I do not think it is relevant anymore. Also as Butao highlighted it has a CVE as well. Let's remove it, and if eventually something is needed (highly doubt) then we can revisit the decision at that time. Due to the extensive history of Hive and the numerous legacy components that haven't been touched since 1972, it is crucial for us all to be more decisive in determining what to keep and maintain. The size of the codebase makes it extremely challenging, time-consuming, and potentially frustrating for OSS contributors to thoroughly review all 67 (just a number :) ) aspects of the Hive.
-Attila On Wed, Jan 10, 2024 at 2:55 AM Butao Zhang <butaozha...@163.com> wrote: > +1. I am not sure the use case of upgrade-acid module, but it seems that > this module is rarely&never used in my world. I think maybe the first safe > step is deprecating this module to let users&dev know that this module > should not be used any more. > > BTW, my idea tells me that this module used the old Hive2.3.3 which has > some vulnerability. Should we consider upgrading this dependency to hive4? > : > "Dependency maven:org.apache.hive:hive-metastore:2.3.3 is vulnerable, > safe version 4.0.0-alpha-2" > CVE-2021-34538 7.5 Missing Authentication for Critical Function > vulnerability > > > > Thanks, > Butao Zhang > ---- Replied Message ---- > From Ayush Saxena<ayush...@gmail.com> <ayush...@gmail.com> > Date 1/10/2024 07:45 > To dev<dev@hive.apache.org> <dev@hive.apache.org> > Subject [DISCUSS] Deprecate/Drop upgrade-acid module from 4.x > Hi Folks, > Wanted to know thoughts on removing the upgrade-acid module[1] from > 4.x. The javadoc on one of the main files[2] read "This utility is > designed to help with upgrading Hive 2.x to Hive 3.0". I think this is > a 2.x to 3.x thing and doesn't look relevant for Hive-4.x. Checking > the git log, I don't find any relevant development happening on this > either. > > The main challenge that this brings is that it depends on legacy > Hive(2.3.3) & Hadoop(2.7.2) [3], which aren't JDK-11 compliant & it > blocks the way for Hive JDK-11 compile time support. > > Let me know your thoughts!!! > > -Ayush > > [1] https://github.com/apache/hive/tree/master/upgrade-acid > [2] > https://github.com/apache/hive/blob/master/upgrade-acid/pre-upgrade/src/main/java/org/apache/hadoop/hive/upgrade/acid/PreUpgradeTool.java#L86C4-L86C72 > [3] > https://github.com/apache/hive/blob/master/upgrade-acid/pre-upgrade/pom.xml#L38-L39 >
