Hi Dick- Thanks for the reminder on an important topic.
On quick review of *Nick's* proposal, which I like (well done), I would only add that if a patch release is cut (e.g. 1.9.1, 1.9.2) that dependencies be reviewed for updated patch releases as well. While different patch versions of dependency major.minor version SHOULD NOT cause issues, it is also a nice thing to do since critical bugs, or CVEs, may be resolved in a patch release of a dependency. Cheers, John On Thu, Sep 26, 2019 at 2:59 PM Jacob Barrett <jbarr...@pivotal.io> wrote: > Yes please! > > > On Sep 26, 2019, at 2:46 PM, Dick Cavender <dcaven...@pivotal.io> wrote: > > > > With the release of Geode 1.10.0 the window opens to apply Nick's Geode > > dependency update process with time to shake it out before the 1.11.0 > > release. > > > > His proposal can be found here: > > > https://cwiki.apache.org/confluence/display/GEODE/%5BDiscussion%5D+Geode+dependency+update+process > > > > > > Additionally the original email discuss thread can be found searching for > > subject: "[DISCUSS] Geode dependency update process (review by > 8/28/2019)" > > > > His proposal suggests that the dependency update task be something that > the > > Geode Release Manager would do post release. While it may be that a RM > can > > eventually do this until the actual update process, verification and > > documenting is defined it seems like this should be a geode community > > effort the first time around. > > > > Nick has generously offered to head up the initial process and to use the > > Geode 1.10.0 release as an opportunity to kickoff his proposal. Thanks > Nick! > > -- -John john.blum10101 (skype)
