Yes, because they deployed when 2.6.5 wasn't the latest and they don't want to deal with the headaches of Hadoop upgrades.
If we do only one, it should be the oldest IMHO. But if we're just talking about changing thing in new minor releases of HBase this is moot. We make 2.7.7 the minimum instead of 2.7.1, call out the need to check later release lines against that CVE, and move on. On Wed, Oct 24, 2018, 15:00 Josh Elser <els...@apache.org> wrote: > IMO -- for the 2.6 line, let's just use 2.6.latest (2.6.5). > > Hadoop seems to have moved beyond 2.6, it doesn't seem likely that we're > creating a lot of value for our users. Would someone deploying a Hadoop > 2.6 release seriously try a release other than the latest? > > On 10/22/18 9:32 PM, 张铎(Duo Zhang) wrote: > > See here: > > > > https://access.redhat.com/security/cve/cve-2018-8009 > > > > All 2.7.x releases before 2.7.7 have the problem. And for 2.6.x, the > hadoop > > team seems to drop the support as there is no release about two years, so > > either we keep the original support versions, or we just drop the support > > for the 2.6.x release line. > > > > Zach York <zyork.contribut...@gmail.com> 于2018年10月23日周二 上午8:51写道: > > > >> What is the main reason for the change? Build time speedup? > >> > >> Any reason for testing all of the 2.6.x line, but not the 2.7.x line? We > >> don't check at all for 2.8.x? > >> > >> Can we be more consistent with how we test compatibility? (Do we only > care > >> about the latest patch release in a line?) > >> > >> Sorry If I'm missing some of the reasoning, but at a surface level it > seems > >> fairly arbitrary which releases we are cutting. > >> > >> On Mon, Oct 22, 2018 at 5:44 PM Sean Busbey <bus...@apache.org> wrote: > >> > >>> Please leave me time to review before it is committed. > >>> > >>> On Mon, Oct 22, 2018, 13:58 Stack <st...@duboce.net> wrote: > >>> > >>>> Duo has a patch up on HBASE-20970 that changes the Hadoop versions we > >>> check > >>>> at build time. Any objections to committing to branch-2.1+? > >>>> > >>>> It makes following changes: > >>>> > >>>> 2.6.1 2.6.2 2.6.3 2.6.4 2.6.5 2.7.1 2.7.2 2.7.3 2.7.4 > >>>> > >>>> becomes > >>>> > >>>> 2.6.1 2.6.2 2.6.3 2.6.4 2.6.5 2.7.7 > >>>> > >>>> And... > >>>> > >>>> 3.0.0 > >>>> > >>>> goes to > >>>> > >>>> 3.0.3 > >>>> > >>>> Shout if you are against the change else will commit tomorrow. > >>>> > >>>> Thanks, > >>>> S > >>>> > >>> > >> > > >
