Ok, let's do that! On Sat, May 29, 2021, 19:09 Charles Givre <[email protected]> wrote:
> Hi Laurent, > We got the CVEs sorted out, and at least one of the parquet bugs was > sorted. Maybe give it until Tuesday and if DRILL-7934 is merged, great, if > not, we go without it and start preparing a release. > Does that work? > - C > > > On May 28, 2021, at 9:55 PM, luoc <[email protected]> wrote: > > > > Hi Laurent, > > That's right. Thanks all for the contributions. As Charles said, We > plan to speed up the release frequency. I'm ready to post the [VOTE] mail > at the end of 1.19 release. > > > >> 在 2021年5月29日,01:55,Laurent Goujon <[email protected]> 写道: > >> > >> Today's update: several changes related to the CVEs have been merged, > along > >> with a bugfix for Parquet. Thanks to all of you who helped on those > changes. > >> I believe there's only one Parquet change left for DRILL-7934: > >> <https://issues.apache.org/jira/browse/DRILL-7934> Charles, is this > correct? > >> > >> Laurent > >> > >>> On Thu, May 27, 2021 at 10:48 AM Laurent Goujon <[email protected]> > wrote: > >>> > >>> Some fixes/improvements were made to the codebase since the last > release, > >>> and sadly an official release is needed to pick up those changes. Ray > asked > >>> the community more than a month ago. More recently, other people have > been > >>> asking too on the user mailing list. > >>> > >>> Like I said, it might be okay to change the scope but what I'm asking > is a > >>> little help/transparency here because it looks like I'm chasing a > moving > >>> target. If we can clarify which new issues have to be part of the > release > >>> and why (depending on the severity), and how long we think it will > take, > >>> I'd hope we can have some constructive discussion. > >>> > >>> As for the dependencies change: > >>> - I actually wrote a pull request to address CVEs in both Hadoop and > Jetty > >>> - The Guava change will not address the most recent CVE. To address the > >>> CVE, code must be changed, and it doesn't require a Guava update. The > >>> change made to the Guava library was to deprecate the unsecure > method... So > >>> imho updating dependencies to address CVE without looking at the CVE > itself > >>> does not make things safer. So to address specifically the CVE, I > opened a > >>> new ticket (DRILL-7936 < > https://issues.apache.org/jira/browse/DRILL-7936>) > >>> and a pull request (https://github.com/apache/drill/pull/2240) > >>> > >>> > >>>> On Thu, May 27, 2021 at 9:30 AM Charles Givre <[email protected]> > wrote: > >>>> > >>>> Hi Laurent, > >>>> I’m not sure what the rush is to get a release out. I would much > rather > >>>> do a quality release than just get something out the door for the > sake of > >>>> getting something out the door. > >>>> > >>>> In reference to Drill-7934 (Parquet), DRILL-7919 I am personally not > in > >>>> favor of putting out a release with known bugs, especially when these > bugs > >>>> affect parts of Drill that are in active use, we don’t do releases > that > >>>> frequently, and there is a PR that is awaiting merge. > >>>> > >>>> I’m also not in favor of a release that has known issues with > >>>> dependencies, especially again when there are pending PRs that address > >>>> these CVEs. If we did more frequent releases (which we have > discussed and > >>>> hope to do going forward), then fine, but we’ve been averaging 2 a > year and > >>>> I’d hate for users to have to wait 6 months for these fixes. > >>>> > >>>> — C > >>>> > >>>> > >>>> > >>>>> On May 27, 2021, at 12:19 PM, Laurent Goujon <[email protected]> > >>>> wrote: > >>>>> > >>>>> Since I'm also a reviewer and that I see that the past comments I've > >>>> been > >>>>> addressed, and since I do not see another committer opposing the > patch, > >>>>> wouldn't I be able to give my +1 and that would clear that bar? > >>>>> > >>>>> As for the parquet issues, when we started the release discussion a > >>>> month > >>>>> ago, we agreed on a scope, and the parquet issues were not part of > it. I > >>>>> understand that scope can change but can we discuss it in this thread > >>>> about > >>>>> why this release should include it vs wait on the next release? We > need > >>>> to > >>>>> draw a line somewhere. > >>>>> > >>>>> Laurent > >>>>> > >>>>> On Thu, May 27, 2021 at 8:05 AM Charles Givre <[email protected]> > wrote: > >>>>> > >>>>>> Laurent, > >>>>>> Per Apache policy, you need a +1 from a reviewer to merge a PR. > Unless > >>>>>> there is one, please do not merge. I'll reach out to Vitalii to see > >>>> what > >>>>>> the current status is. Also there are a few bug fixes for the > Parquet > >>>>>> which Vova submitted which looks like we should include as well. > >>>>>> Best, > >>>>>> -- C > >>>>>> > >>>>>>> On May 27, 2021, at 11:01 AM, Laurent Goujon <[email protected]> > >>>> wrote: > >>>>>>> > >>>>>>> Sadly, I haven't heard from people regarding the patches. At the > same > >>>>>> time, > >>>>>>> I think we held the window open for merging the changes for a very > >>>> long > >>>>>>> time. Unless there's objection, I'm planning to merge the Guava and > >>>>>>> Jetty/Hadoop pull requests later today, and doing the first RC for > >>>> Drill > >>>>>>> 1.19.0 > >>>>>>> > >>>>>>> Here are the pull request links: > >>>>>>> * https://github.com/apache/drill/pull/2202 > >>>>>>> * https://github.com/apache/drill/pull/2236 > >>>>>>> > >>>>>>> Laurent > >>>>>>> > >>>>>>> > >>>>>>> On Wed, May 26, 2021 at 11:59 AM Laurent Goujon < > [email protected]> > >>>>>> wrote: > >>>>>>> > >>>>>>>> After several retries, the Guava checks successfully passed: > >>>>>>>> https://github.com/apache/drill/pull/2202 > >>>>>>>> > >>>>>>>> Charles, can we proceed on merging your change? > >>>>>>>> > >>>>>>>> Laurent > >>>>>>>> > >>>>>>>> On Tue, May 25, 2021 at 10:24 PM Laurent Goujon < > [email protected]> > >>>>>>>> wrote: > >>>>>>>> > >>>>>>>>> Just an update. There's a patch for updating both Jetty and > Hadoop > >>>> (at > >>>>>>>>> the same time) as those changes are co-dependent: > >>>>>>>>> https://github.com/apache/drill/pull/2236 > >>>>>>>>> > >>>>>>>>> As for the Guava patch, I'd be happy to help, but I'm not sure > >>>> what's > >>>>>>>>> left. As far as I can tell the shaded version of Guava has been > >>>>>> updated, > >>>>>>>>> but the build is failing. The security vulnerabilities for Guava > are > >>>>>>>>> moderate (and actually it seems a fix for CVE-2020-8908 would > >>>> require a > >>>>>>>>> code change instead of a Guava update. > >>>>>>>>> > >>>>>>>>> Since this has been almost a month since we started this release > >>>>>> process, > >>>>>>>>> I wonder if we still want to wait on this patch, or if we should > >>>> move > >>>>>> it to > >>>>>>>>> the next release. > >>>>>>>>> > >>>>>>>>> Let me know what people think, > >>>>>>>>> > >>>>>>>>> On Tue, May 25, 2021 at 8:24 AM Laurent Goujon < > [email protected]> > >>>>>>>>> wrote: > >>>>>>>>> > >>>>>>>>>> Anything I can help with? > >>>>>>>>>> > >>>>>>>>>> On Tue, May 25, 2021 at 7:02 AM Charles Givre <[email protected] > > > >>>>>> wrote: > >>>>>>>>>> > >>>>>>>>>>> HI Laurent, > >>>>>>>>>>> My apologies. I said Junit, when I was meaning to say to the > >>>> Guava > >>>>>> PR ( > >>>>>>>>>>> https://github.com/apache/drill/pull/2202 < > >>>>>>>>>>> https://github.com/apache/drill/pull/2202>). I think this > one is > >>>>>>>>>>> almost done as well. > >>>>>>>>>>> -- C > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>>> On May 24, 2021, at 5:29 PM, Laurent Goujon < > [email protected]> > >>>>>>>>>>> wrote: > >>>>>>>>>>>> > >>>>>>>>>>>> Ok, I was hoping that some of the PRs could be merged, but if > we > >>>> are > >>>>>>>>>>> in > >>>>>>>>>>>> agreement, let's start the work :) > >>>>>>>>>>>> > >>>>>>>>>>>> On Sun, May 23, 2021 at 6:52 PM luoc <[email protected]> wrote: > >>>>>>>>>>>> > >>>>>>>>>>>>> Hi Charles, > >>>>>>>>>>>>> All right, we'll be expecting the update. > >>>>>>>>>>>>> > >>>>>>>>>>>>>> 2021年5月24日 上午12:13,Charles Givre <[email protected]> 写道: > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Hi Luoc, > >>>>>>>>>>>>>> We still have a few PRs pending that we really should get > into > >>>>>> Drill > >>>>>>>>>>>>> 1.19. The main one is the junit upgrade. There are a few > >>>> critical > >>>>>>>>>>> CVEs > >>>>>>>>>>>>> associated with that, so I do think it is important to get > that > >>>> one > >>>>>>>>>>>>> merged. I think Vitalii will have that one done in short > order. > >>>>>>>>>>>>>> Best, > >>>>>>>>>>>>>> -- C > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> On May 22, 2021, at 5:16 AM, luoc <[email protected]> wrote: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Hi Laurent, > >>>>>>>>>>>>>>> It’s time to do a release with 1.19.0. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> 2021年5月19日 上午2:20,Vitalii Diravka <[email protected]> > 写道: > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Hi Laurent, > >>>>>>>>>>>>>>>> DRILL-7871 requires additional time to be introduced and > it > >>>> is > >>>>>>>>>>> better > >>>>>>>>>>>>> to > >>>>>>>>>>>>>>>> include it for the next release. > >>>>>>>>>>>>>>>> DRILL-7904 is updated, I think it will be merged in a few > >>>> days. > >>>>>>>>>>> But it > >>>>>>>>>>>>>>>> doesn't matter whether it is included in this release or > in > >>>> the > >>>>>>>>>>> next > >>>>>>>>>>>>> one. > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> So we can plan to start the release process > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Kind regards > >>>>>>>>>>>>>>>> Vitalii > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> On Tue, May 11, 2021 at 7:52 PM Laurent Goujon < > >>>>>>>>>>> [email protected]> > >>>>>>>>>>>>> wrote: > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> Thanks Vitalii > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> On Tue, May 11, 2021 at 9:29 AM Vitalii Diravka < > >>>>>>>>>>> [email protected]> > >>>>>>>>>>>>>>>>> wrote: > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Hi Luoc! > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> They are almost ready. I plan to update PR for them > today. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Kind regards > >>>>>>>>>>>>>>>>>> Vitalii > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> On Sat, May 8, 2021 at 5:26 PM luoc <[email protected]> > >>>> wrote: > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> Hi Vitalii, > >>>>>>>>>>>>>>>>>>> Would you mind sharing that... Is DRILL-7904 ready to > >>>> review > >>>>>>>>>>> again? > >>>>>>>>>>>>>>>>>> And what’s > >>>>>>>>>>>>>>>>>>> the status on the DRILL-7871? thanks > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> 2021年5月4日 下午1:10,Ted Dunning <[email protected]> > 写道: > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> Laurent, > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> I don't have a stake here, so can't really comment > about > >>>>>>>>>>> specifics, > >>>>>>>>>>>>> but > >>>>>>>>>>>>>>>>>> the > >>>>>>>>>>>>>>>>>>> process is looking good. > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> On Mon, May 3, 2021 at 9:23 PM Laurent Goujon < > >>>>>>>>>>> [email protected]> > >>>>>>>>>>>>>>>>>> wrote: > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> Thanks for all the answers > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> So the issues I found based on the feedback are: > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> - DRILL-7878: Fix LGTM Alerts > >>>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7878> > >>>>>>>>>>>>>>>>>>> - DRILL-7871: StoragePluginStore instances for > different > >>>>>> users > >>>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7871> > >>>>>>>>>>>>>>>>>>> - DRILL-7908: Fix GitHub Actions CI > >>>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7908> > >>>>>>>>>>>>>>>>>>> - DRILL-7904: Update to 30-jre Guava version > >>>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7904> > >>>>>>>>>>>>>>>>>>> - DRILL-7826: Merge Pcap and Pcapng format plugin > based on > >>>>>> EVF > >>>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7826> > >>>>>>>>>>>>>>>>>>> - DRILL-7828: Refactor Pcap and Pcapng format plugin > >>>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7828> > >>>>>>>>>>>>>>>>>>> - DRILL-7910: Bumps commons-io from 2.4 to 2.7 > >>>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7910> > >>>>>>>>>>>>>>>>>>> - DRILL-7901: Bump junit from 4.12 to 4.13.1 > >>>>>>>>>>>>>>>>>>> <https://issues.apache.org/jira/browse/DRILL-7901> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> I wanted to propose Monday May 10th to do the first > >>>> release > >>>>>>>>>>>>> candidate, > >>>>>>>>>>>>>>>>>> but > >>>>>>>>>>>>>>>>>>> I have some concerns about some of the changes which > may > >>>> not > >>>>>> be > >>>>>>>>>>>>> ready > >>>>>>>>>>>>>>>>> by > >>>>>>>>>>>>>>>>>>> then considering they seem to involve some level of > effort > >>>>>> and > >>>>>>>>>>> are > >>>>>>>>>>>>> in > >>>>>>>>>>>>>>>>>> very > >>>>>>>>>>>>>>>>>>> early stage: The LGTM alert changes and the > >>>>>> StoragePluginStore > >>>>>>>>>>> model > >>>>>>>>>>>>>>>>>>> change. JUnit version update might also become quite a > >>>> large > >>>>>>>>>>> change > >>>>>>>>>>>>> if > >>>>>>>>>>>>>>>>>>> instead of moving to 4.13.1, Drill is switching to > JUnit5. > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> What do people think? > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> On Sat, Apr 24, 2021 at 1:00 PM Vitalii Diravka < > >>>>>>>>>>> [email protected] > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> wrote: > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> Hi Laurent, > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> I want to include: > >>>>>>>>>>>>>>>>>>> DRILL-7871 < > >>>> https://issues.apache.org/jira/browse/DRILL-7871 > >>>>>>> > >>>>>>>>>>>>>>>>> (preparing > >>>>>>>>>>>>>>>>>>> PR) > >>>>>>>>>>>>>>>>>>> DRILL-7908 < > >>>> https://issues.apache.org/jira/browse/DRILL-7908 > >>>>>>> > >>>>>>>>>>>>>>>>> (preparing > >>>>>>>>>>>>>>>>>>> PR) > >>>>>>>>>>>>>>>>>>> DRILL-7904 < > >>>> https://issues.apache.org/jira/browse/DRILL-7904 > >>>>>>> > >>>>>>>>>>> (PR > >>>>>>>>>>>>> is > >>>>>>>>>>>>>>>>>>> opened, in review) > >>>>>>>>>>>>>>>>>>> DRILL-7828 < > >>>> https://issues.apache.org/jira/browse/DRILL-7828 > >>>>>>> > >>>>>>>>>>> (PR > >>>>>>>>>>>>> is > >>>>>>>>>>>>>>>>>>> opened, review is almost completed) > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> All these tasks are expected to be completed in a week > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> Kind regards > >>>>>>>>>>>>>>>>>>> Vitalii > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> On Fri, Apr 23, 2021 at 9:25 PM Charles Givre < > >>>>>>>>>>> [email protected]> > >>>>>>>>>>>>>>>>> wrote: > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> Hi Laurent, > >>>>>>>>>>>>>>>>>>> We have a few PRs pending which I'd like to see in the > >>>> next > >>>>>>>>>>> version > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> which > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> are: > >>>>>>>>>>>>>>>>>>> 1. The update(s) and bug fixes to the Mongo plugin. > >>>>>>>>>>>>>>>>>>> 2. There is an extended PR for bug fixes which clean > up a > >>>>>> lot > >>>>>>>>>>> of > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> alerts > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> generated by LGTM > >>>>>>>>>>>>>>>>>>> 3. There are a few other library updates which are > >>>> pending. > >>>>>>>>>>>>>>>>>>> 4. We have some work which changes the access model > >>>> around > >>>>>>>>>>> storage > >>>>>>>>>>>>>>>>>>> plugins which would be good for this release > >>>>>>>>>>>>>>>>>>> 5. The PCAP/PCAP-NG consolidation is awaiting review. > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> I think that's it. > >>>>>>>>>>>>>>>>>>> -- C > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> On Apr 22, 2021, at 12:33 PM, Laurent Goujon < > >>>>>>>>>>> [email protected]> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> wrote: > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> Hello everyone, > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> It has been more than 6 months since the last release, > >>>> and I > >>>>>>>>>>> believe > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> this > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> would be a good time to discuss the next one. > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> As mentioned in a previous email thread, I am > >>>> volunteering to > >>>>>>>>>>> be the > >>>>>>>>>>>>>>>>>>> release manager, and I'm looking forward working with > the > >>>>>>>>>>> whole > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> community > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> to make another great release. > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> We have around 80 changes in master since the last > >>>> release, > >>>>>> and > >>>>>>>>>>>>> there > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> are > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> several changes open for review too. It would be nice > if > >>>>>> people > >>>>>>>>>>>>> could > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> reply > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> to this email and share issues which should be part of > >>>> that > >>>>>>>>>>> release, > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> so > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> we > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> can decide on an initial cut-off date. > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> Thanks in advance, > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> Laurent > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>> > >>>>>> > >>>> > >>>> > >> > > > >
