Thanx Everyone for the feedback. I have created https://issues.apache.org/jira/browse/HIVE-28005 for the removal of this module from master branch.
-Ayush On Wed, 10 Jan 2024 at 21:42, Sankar Hariappan <sankar.hariap...@microsoft.com.invalid> wrote: > +1, It is needed only for upgrading from Hive 1.x/2.x to 3.x and not > relevant for 4.x. We can retain it in 3.x release line only. > > -Sankar > > -----Original Message----- > From: Attila Turoczy <aturo...@cloudera.com.INVALID> > Sent: Wednesday, January 10, 2024 7:04 PM > To: dev@hive.apache.org > Subject: [EXTERNAL] Re: [DISCUSS] Deprecate/Drop upgrade-acid module from > 4.x > > [You don't often get email from aturo...@cloudera.com.invalid. Learn why > this is important at https://aka.ms/LearnAboutSenderIdentification ] > > Big +1 from me. As we shift our focus from ACID to Iceberg I do not think > it is relevant anymore. Also as Butao highlighted it has a CVE as well. > Let's remove it, and if eventually something is needed (highly doubt) then > we can revisit the decision at that time. > Due to the extensive history of Hive and the numerous legacy components > that haven't been touched since 1972, it is crucial for us all to be more > decisive in determining what to keep and maintain. The size of the codebase > makes it extremely challenging, time-consuming, and potentially frustrating > for OSS contributors to thoroughly review all 67 (just a number :) ) > aspects of the Hive. > > -Attila > > On Wed, Jan 10, 2024 at 2:55 AM Butao Zhang <butaozha...@163.com> wrote: > > > +1. I am not sure the use case of upgrade-acid module, but it seems > > +that > > this module is rarely&never used in my world. I think maybe the first > > safe step is deprecating this module to let users&dev know that this > > module should not be used any more. > > > > BTW, my idea tells me that this module used the old Hive2.3.3 which > > has some vulnerability. Should we consider upgrading this dependency to > hive4? > > : > > "Dependency maven:org.apache.hive:hive-metastore:2.3.3 is vulnerable, > > safe version 4.0.0-alpha-2" > > CVE-2021-34538 7.5 Missing Authentication for Critical Function > > vulnerability > > > > > > > > Thanks, > > Butao Zhang > > ---- Replied Message ---- > > From Ayush Saxena<ayush...@gmail.com> <ayush...@gmail.com> Date > > 1/10/2024 07:45 To dev<dev@hive.apache.org> <dev@hive.apache.org> > > Subject [DISCUSS] Deprecate/Drop upgrade-acid module from 4.x Hi > > Folks, Wanted to know thoughts on removing the upgrade-acid module[1] > > from 4.x. The javadoc on one of the main files[2] read "This utility > > is designed to help with upgrading Hive 2.x to Hive 3.0". I think this > > is a 2.x to 3.x thing and doesn't look relevant for Hive-4.x. Checking > > the git log, I don't find any relevant development happening on this > > either. > > > > The main challenge that this brings is that it depends on legacy > > Hive(2.3.3) & Hadoop(2.7.2) [3], which aren't JDK-11 compliant & it > > blocks the way for Hive JDK-11 compile time support. > > > > Let me know your thoughts!!! > > > > -Ayush > > > > [1] > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgith > > ub.com%2Fapache%2Fhive%2Ftree%2Fmaster%2Fupgrade-acid&data=05%7C02%7CS > > ankar.Hariappan%40microsoft.com%7C2b9cb6396ced4d0e629e08dc11e1125c%7C7 > > 2f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638404905616518454%7CUnknown > > %7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJ > > XVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5VD1wpffcaTp6fI0a0q5Svtjn1SHWWKBQZSd > > fF0BbcY%3D&reserved=0 > > [2] > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgith > > ub.com%2Fapache%2Fhive%2Fblob%2Fmaster%2Fupgrade-acid%2Fpre-upgrade%2F > > src%2Fmain%2Fjava%2Forg%2Fapache%2Fhadoop%2Fhive%2Fupgrade%2Facid%2FPr > > eUpgradeTool.java%23L86C4-L86C72&data=05%7C02%7CSankar.Hariappan%40mic > > rosoft.com%7C2b9cb6396ced4d0e629e08dc11e1125c%7C72f988bf86f141af91ab2d > > 7cd011db47%7C1%7C0%7C638404905616525910%7CUnknown%7CTWFpbGZsb3d8eyJWIj > > oiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C > > %7C%7C&sdata=lBMFnBrWsSMR3y%2FPlCzjz3ZuJR7jwOq5uJ91EGTEpTs%3D&reserved > > =0 > > [3] > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgith > > ub.com%2Fapache%2Fhive%2Fblob%2Fmaster%2Fupgrade-acid%2Fpre-upgrade%2F > > pom.xml%23L38-L39&data=05%7C02%7CSankar.Hariappan%40microsoft.com%7C2b > > 9cb6396ced4d0e629e08dc11e1125c%7C72f988bf86f141af91ab2d7cd011db47%7C1% > > 7C0%7C638404905616532153%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiL > > CJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Su > > 9HZ%2FwUq%2B6Rel5RR8p2%2BFhJz4Jf3HemTkulKsIcH4k%3D&reserved=0 > > >
