For the other issue, there's no reason not to move up to more recent minors of those HBase releases without the dependency problem as long as we don't detect a regression by doing so.
On Thu, Feb 9, 2017 at 1:10 PM, Josh Elser <els...@apache.org> wrote: > Sweetness. Thanks for taking that on! > > > Josh Mahonin wrote: > >> Re: the flume dependency, I suspect we can swap out the org.json:json >> dependency with com.tdunning:json without too much pain. I've assigned >> PHOENIX-3658 to myself to look at, will try and attend to it in the next >> week. >> >> https://github.com/tdunning/open-json >> >> >> On Thu, Feb 9, 2017 at 12:10 PM, Josh Elser<els...@apache.org> wrote: >> >> See https://issues.apache.org/jira/browse/PHOENIX-3658 and >>> https://issues.apache.org/jira/browse/PHOENIX-3659 for the full details. >>> >>> The summary is that I noticed two dependencies that we're including (one >>> direct, one transitive) that are disallowed. >>> >>> The direct dependency (org.json:json by phoenix-flume) is technically >>> "ok" >>> but only until 2017/04/30 when the grace-period expires. Essentially, >>> we've >>> used up half of the time allotted to fix this one already ;) >>> >>> The latter is one that we inherited from HBase. We can address it by >>> bumping the 1.1 and 1.2 hbase version -- but I'd be interested in hearing >>> if others have opinions on whether we do that or try to surgically remove >>> the dependency from our bundling. >>> >>> - Josh >>> >>> >> -- Best regards, - Andy If you are given a choice, you believe you have acted freely. - Raymond Teller (via Peter Watts)