Hi Laurent, That's right. Thanks all for the contributions. As Charles said, We plan to speed up the release frequency. I'm ready to post the [VOTE] mail at the end of 1.19 release.
> 在 2021年5月29日,01:55,Laurent Goujon <laur...@dremio.com> 写道: > > Today's update: several changes related to the CVEs have been merged, along > with a bugfix for Parquet. Thanks to all of you who helped on those changes. > I believe there's only one Parquet change left for DRILL-7934: > <https://issues.apache.org/jira/browse/DRILL-7934> Charles, is this correct? > > Laurent > >> On Thu, May 27, 2021 at 10:48 AM Laurent Goujon <laur...@dremio.com> wrote: >> >> Some fixes/improvements were made to the codebase since the last release, >> and sadly an official release is needed to pick up those changes. Ray asked >> the community more than a month ago. More recently, other people have been >> asking too on the user mailing list. >> >> Like I said, it might be okay to change the scope but what I'm asking is a >> little help/transparency here because it looks like I'm chasing a moving >> target. If we can clarify which new issues have to be part of the release >> and why (depending on the severity), and how long we think it will take, >> I'd hope we can have some constructive discussion. >> >> As for the dependencies change: >> - I actually wrote a pull request to address CVEs in both Hadoop and Jetty >> - The Guava change will not address the most recent CVE. To address the >> CVE, code must be changed, and it doesn't require a Guava update. The >> change made to the Guava library was to deprecate the unsecure method... So >> imho updating dependencies to address CVE without looking at the CVE itself >> does not make things safer. So to address specifically the CVE, I opened a >> new ticket (DRILL-7936 <https://issues.apache.org/jira/browse/DRILL-7936>) >> and a pull request (https://github.com/apache/drill/pull/2240) >> >> >>> On Thu, May 27, 2021 at 9:30 AM Charles Givre <cgi...@gmail.com> wrote: >>> >>> Hi Laurent, >>> I’m not sure what the rush is to get a release out. I would much rather >>> do a quality release than just get something out the door for the sake of >>> getting something out the door. >>> >>> In reference to Drill-7934 (Parquet), DRILL-7919 I am personally not in >>> favor of putting out a release with known bugs, especially when these bugs >>> affect parts of Drill that are in active use, we don’t do releases that >>> frequently, and there is a PR that is awaiting merge. >>> >>> I’m also not in favor of a release that has known issues with >>> dependencies, especially again when there are pending PRs that address >>> these CVEs. If we did more frequent releases (which we have discussed and >>> hope to do going forward), then fine, but we’ve been averaging 2 a year and >>> I’d hate for users to have to wait 6 months for these fixes. >>> >>> — C >>> >>> >>> >>>> On May 27, 2021, at 12:19 PM, Laurent Goujon <laur...@dremio.com> >>> wrote: >>>> >>>> Since I'm also a reviewer and that I see that the past comments I've >>> been >>>> addressed, and since I do not see another committer opposing the patch, >>>> wouldn't I be able to give my +1 and that would clear that bar? >>>> >>>> As for the parquet issues, when we started the release discussion a >>> month >>>> ago, we agreed on a scope, and the parquet issues were not part of it. I >>>> understand that scope can change but can we discuss it in this thread >>> about >>>> why this release should include it vs wait on the next release? We need >>> to >>>> draw a line somewhere. >>>> >>>> Laurent >>>> >>>> On Thu, May 27, 2021 at 8:05 AM Charles Givre <cgi...@gmail.com> wrote: >>>> >>>>> Laurent, >>>>> Per Apache policy, you need a +1 from a reviewer to merge a PR. Unless >>>>> there is one, please do not merge. I'll reach out to Vitalii to see >>> what >>>>> the current status is. Also there are a few bug fixes for the Parquet >>>>> which Vova submitted which looks like we should include as well. >>>>> Best, >>>>> -- C >>>>> >>>>>> On May 27, 2021, at 11:01 AM, Laurent Goujon <laur...@dremio.com> >>> wrote: >>>>>> >>>>>> Sadly, I haven't heard from people regarding the patches. At the same >>>>> time, >>>>>> I think we held the window open for merging the changes for a very >>> long >>>>>> time. Unless there's objection, I'm planning to merge the Guava and >>>>>> Jetty/Hadoop pull requests later today, and doing the first RC for >>> Drill >>>>>> 1.19.0 >>>>>> >>>>>> Here are the pull request links: >>>>>> * https://github.com/apache/drill/pull/2202 >>>>>> * https://github.com/apache/drill/pull/2236 >>>>>> >>>>>> Laurent >>>>>> >>>>>> >>>>>> On Wed, May 26, 2021 at 11:59 AM Laurent Goujon <laur...@dremio.com> >>>>> wrote: >>>>>> >>>>>>> After several retries, the Guava checks successfully passed: >>>>>>> https://github.com/apache/drill/pull/2202 >>>>>>> >>>>>>> Charles, can we proceed on merging your change? >>>>>>> >>>>>>> Laurent >>>>>>> >>>>>>> On Tue, May 25, 2021 at 10:24 PM Laurent Goujon <laur...@dremio.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Just an update. There's a patch for updating both Jetty and Hadoop >>> (at >>>>>>>> the same time) as those changes are co-dependent: >>>>>>>> https://github.com/apache/drill/pull/2236 >>>>>>>> >>>>>>>> As for the Guava patch, I'd be happy to help, but I'm not sure >>> what's >>>>>>>> left. As far as I can tell the shaded version of Guava has been >>>>> updated, >>>>>>>> but the build is failing. The security vulnerabilities for Guava are >>>>>>>> moderate (and actually it seems a fix for CVE-2020-8908 would >>> require a >>>>>>>> code change instead of a Guava update. >>>>>>>> >>>>>>>> Since this has been almost a month since we started this release >>>>> process, >>>>>>>> I wonder if we still want to wait on this patch, or if we should >>> move >>>>> it to >>>>>>>> the next release. >>>>>>>> >>>>>>>> Let me know what people think, >>>>>>>> >>>>>>>> On Tue, May 25, 2021 at 8:24 AM Laurent Goujon <laur...@dremio.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Anything I can help with? >>>>>>>>> >>>>>>>>> On Tue, May 25, 2021 at 7:02 AM Charles Givre <cgi...@gmail.com> >>>>> wrote: >>>>>>>>> >>>>>>>>>> HI Laurent, >>>>>>>>>> My apologies. I said Junit, when I was meaning to say to the >>> Guava >>>>> PR ( >>>>>>>>>> https://github.com/apache/drill/pull/2202 < >>>>>>>>>> https://github.com/apache/drill/pull/2202>). I think this one is >>>>>>>>>> almost done as well. >>>>>>>>>> -- C >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> On May 24, 2021, at 5:29 PM, Laurent Goujon <laur...@dremio.com> >>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>> Ok, I was hoping that some of the PRs could be merged, but if we >>> are >>>>>>>>>> in >>>>>>>>>>> agreement, let's start the work :) >>>>>>>>>>> >>>>>>>>>>> On Sun, May 23, 2021 at 6:52 PM luoc <l...@apache.org> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi Charles, >>>>>>>>>>>> All right, we'll be expecting the update. >>>>>>>>>>>> >>>>>>>>>>>>> 2021年5月24日 上午12:13,Charles Givre <cgi...@gmail.com> 写道: >>>>>>>>>>>>> >>>>>>>>>>>>> Hi Luoc, >>>>>>>>>>>>> We still have a few PRs pending that we really should get into >>>>> Drill >>>>>>>>>>>> 1.19. The main one is the junit upgrade. There are a few >>> critical >>>>>>>>>> CVEs >>>>>>>>>>>> associated with that, so I do think it is important to get that >>> one >>>>>>>>>>>> merged. I think Vitalii will have that one done in short order. >>>>>>>>>>>>> Best, >>>>>>>>>>>>> -- C >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>> On May 22, 2021, at 5:16 AM, luoc <l...@apache.org> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hi Laurent, >>>>>>>>>>>>>> It’s time to do a release with 1.19.0. >>>>>>>>>>>>>> >>>>>>>>>>>>>>> 2021年5月19日 上午2:20,Vitalii Diravka <vita...@apache.org> 写道: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi Laurent, >>>>>>>>>>>>>>> DRILL-7871 requires additional time to be introduced and it >>> is >>>>>>>>>> better >>>>>>>>>>>> to >>>>>>>>>>>>>>> include it for the next release. >>>>>>>>>>>>>>> DRILL-7904 is updated, I think it will be merged in a few >>> days. >>>>>>>>>> But it >>>>>>>>>>>>>>> doesn't matter whether it is included in this release or in >>> the >>>>>>>>>> next >>>>>>>>>>>> one. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> So we can plan to start the release process >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Kind regards >>>>>>>>>>>>>>> Vitalii >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Tue, May 11, 2021 at 7:52 PM Laurent Goujon < >>>>>>>>>> laur...@dremio.com> >>>>>>>>>>>> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Thanks Vitalii >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Tue, May 11, 2021 at 9:29 AM Vitalii Diravka < >>>>>>>>>> vita...@apache.org> >>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hi Luoc! >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> They are almost ready. I plan to update PR for them today. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Kind regards >>>>>>>>>>>>>>>>> Vitalii >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Sat, May 8, 2021 at 5:26 PM luoc <l...@apache.org> >>> wrote: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi Vitalii, >>>>>>>>>>>>>>>>>> Would you mind sharing that... Is DRILL-7904 ready to >>> review >>>>>>>>>> again? >>>>>>>>>>>>>>>>> And what’s >>>>>>>>>>>>>>>>>> the status on the DRILL-7871? thanks >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> 2021年5月4日 下午1:10,Ted Dunning <ted.dunn...@gmail.com> 写道: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Laurent, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> I don't have a stake here, so can't really comment about >>>>>>>>>> specifics, >>>>>>>>>>>> but >>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>> process is looking good. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On Mon, May 3, 2021 at 9:23 PM Laurent Goujon < >>>>>>>>>> laur...@dremio.com> >>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Thanks for all the answers >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> So the issues I found based on the feedback are: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> - DRILL-7878: Fix LGTM Alerts >>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7878> >>>>>>>>>>>>>>>>>> - DRILL-7871: StoragePluginStore instances for different >>>>> users >>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7871> >>>>>>>>>>>>>>>>>> - DRILL-7908: Fix GitHub Actions CI >>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7908> >>>>>>>>>>>>>>>>>> - DRILL-7904: Update to 30-jre Guava version >>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7904> >>>>>>>>>>>>>>>>>> - DRILL-7826: Merge Pcap and Pcapng format plugin based on >>>>> EVF >>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7826> >>>>>>>>>>>>>>>>>> - DRILL-7828: Refactor Pcap and Pcapng format plugin >>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7828> >>>>>>>>>>>>>>>>>> - DRILL-7910: Bumps commons-io from 2.4 to 2.7 >>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7910> >>>>>>>>>>>>>>>>>> - DRILL-7901: Bump junit from 4.12 to 4.13.1 >>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7901> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> I wanted to propose Monday May 10th to do the first >>> release >>>>>>>>>>>> candidate, >>>>>>>>>>>>>>>>> but >>>>>>>>>>>>>>>>>> I have some concerns about some of the changes which may >>> not >>>>> be >>>>>>>>>>>> ready >>>>>>>>>>>>>>>> by >>>>>>>>>>>>>>>>>> then considering they seem to involve some level of effort >>>>> and >>>>>>>>>> are >>>>>>>>>>>> in >>>>>>>>>>>>>>>>> very >>>>>>>>>>>>>>>>>> early stage: The LGTM alert changes and the >>>>> StoragePluginStore >>>>>>>>>> model >>>>>>>>>>>>>>>>>> change. JUnit version update might also become quite a >>> large >>>>>>>>>> change >>>>>>>>>>>> if >>>>>>>>>>>>>>>>>> instead of moving to 4.13.1, Drill is switching to JUnit5. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> What do people think? >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On Sat, Apr 24, 2021 at 1:00 PM Vitalii Diravka < >>>>>>>>>> vita...@apache.org >>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi Laurent, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> I want to include: >>>>>>>>>>>>>>>>>> DRILL-7871 < >>> https://issues.apache.org/jira/browse/DRILL-7871 >>>>>> >>>>>>>>>>>>>>>> (preparing >>>>>>>>>>>>>>>>>> PR) >>>>>>>>>>>>>>>>>> DRILL-7908 < >>> https://issues.apache.org/jira/browse/DRILL-7908 >>>>>> >>>>>>>>>>>>>>>> (preparing >>>>>>>>>>>>>>>>>> PR) >>>>>>>>>>>>>>>>>> DRILL-7904 < >>> https://issues.apache.org/jira/browse/DRILL-7904 >>>>>> >>>>>>>>>> (PR >>>>>>>>>>>> is >>>>>>>>>>>>>>>>>> opened, in review) >>>>>>>>>>>>>>>>>> DRILL-7828 < >>> https://issues.apache.org/jira/browse/DRILL-7828 >>>>>> >>>>>>>>>> (PR >>>>>>>>>>>> is >>>>>>>>>>>>>>>>>> opened, review is almost completed) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> All these tasks are expected to be completed in a week >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Kind regards >>>>>>>>>>>>>>>>>> Vitalii >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On Fri, Apr 23, 2021 at 9:25 PM Charles Givre < >>>>>>>>>> cgi...@gmail.com> >>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi Laurent, >>>>>>>>>>>>>>>>>> We have a few PRs pending which I'd like to see in the >>> next >>>>>>>>>> version >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> which >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> are: >>>>>>>>>>>>>>>>>> 1. The update(s) and bug fixes to the Mongo plugin. >>>>>>>>>>>>>>>>>> 2. There is an extended PR for bug fixes which clean up a >>>>> lot >>>>>>>>>> of >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> alerts >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> generated by LGTM >>>>>>>>>>>>>>>>>> 3. There are a few other library updates which are >>> pending. >>>>>>>>>>>>>>>>>> 4. We have some work which changes the access model >>> around >>>>>>>>>> storage >>>>>>>>>>>>>>>>>> plugins which would be good for this release >>>>>>>>>>>>>>>>>> 5. The PCAP/PCAP-NG consolidation is awaiting review. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> I think that's it. >>>>>>>>>>>>>>>>>> -- C >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On Apr 22, 2021, at 12:33 PM, Laurent Goujon < >>>>>>>>>> laur...@dremio.com> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hello everyone, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> It has been more than 6 months since the last release, >>> and I >>>>>>>>>> believe >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> this >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> would be a good time to discuss the next one. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> As mentioned in a previous email thread, I am >>> volunteering to >>>>>>>>>> be the >>>>>>>>>>>>>>>>>> release manager, and I'm looking forward working with the >>>>>>>>>> whole >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> community >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> to make another great release. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> We have around 80 changes in master since the last >>> release, >>>>> and >>>>>>>>>>>> there >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> are >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> several changes open for review too. It would be nice if >>>>> people >>>>>>>>>>>> could >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> reply >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> to this email and share issues which should be part of >>> that >>>>>>>>>> release, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> so >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> we >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> can decide on an initial cut-off date. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Thanks in advance, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Laurent >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>> >>>>> >>> >>> >