Hi Nick, Do you suggest to build and deploy uber-jars that has no external dependencies?
-Val On Sun, Aug 20, 2017 at 1:02 PM, Nick Pordash <nickpord...@gmail.com> wrote: > If the dependency is not exposed by the public API then another alternative > is to simply shade the artifact and then this becomes a non-issue for > users. > > Considering Ignite is a platform that executes user code via compute and > service grid I personally think it would be good to minimize the number of > dependencies that can potentially conflict with user code. > > -Nick > > On Sun, Aug 20, 2017, 11:51 AM Valentin Kulichenko < > valentin.kuliche...@gmail.com> wrote: > > > Guys, > > > > Keep in mind that some projects can use *older* version of third-party > > libraries as well, and dependency upgrade can break them. In other words, > > dependency upgrade is in many cases an incompatible change for us, so we > > should do this with care. > > > > Unless there is a specific reason to upgrade a specific dependency, I > think > > it's better to postpone it until major version. > > > > -Val > > > > On Sun, Aug 20, 2017 at 5:04 AM 李玉珏@163 <18624049...@163.com> wrote: > > > > > If the third party library is incompatible with the new version and the > > > old version (such as lucene3.5.0-5.5.2), and the dependent version of > > > Ignite is older, it may cause conflicts in the user's system. > > > For such scenarios, I think that updating third-party dependencies's > > > major version is valuable. > > > > > > > > > 在 2017/8/17 上午8:26, Denis Magda 写道: > > > > I would respond why do we need to update? Some bug, new capabilities, > > > security breach? Alexey K., please shed some light on this. > > > > > > > > — > > > > Denis > > > > > > > >> On Aug 16, 2017, at 5:12 PM, Dmitriy Setrakyan < > dsetrak...@apache.org > > > > > > wrote: > > > >> > > > >> On Wed, Aug 16, 2017 at 5:02 PM, Denis Magda <dma...@apache.org> > > wrote: > > > >> > > > >>> Honestly, I wouldn’t touch a dependency if it works like a charm > and > > > >>> nobody requested us to migrate to a new version. > > > >>> > > > >>> Why do you need to update Apache Common coded? > > > >>> > > > >> Not sure I agree. Why not update it? > > > >> > > > >> > > > >>> > > > >>> — > > > >>> Denis > > > >>> > > > >>>> On Aug 16, 2017, at 10:36 AM, Alexey Kuznetsov < > > akuznet...@apache.org > > > > > > > >>> wrote: > > > >>>> Done > > > >>>> > > > >>>> https://issues.apache.org/jira/browse/IGNITE-6090 > > > >>>> > > > >>>> On Wed, Aug 16, 2017 at 8:01 PM, Dmitriy Setrakyan < > > > >>> dsetrak...@apache.org> > > > >>>> wrote: > > > >>>> > > > >>>>> The answer is Yes, we should update. Jira ticket assigned to the > > next > > > >>>>> release should be enough in my view. > > > >>>>> > > > >>>>> D. > > > >>>>> > > > >>>>> On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov < > > > >>> akuznet...@apache.org> > > > >>>>> wrote: > > > >>>>> > > > >>>>>> Hi, All! > > > >>>>>> > > > >>>>>> Do we have any policy for updating third-party dependencies? > > > >>>>>> > > > >>>>>> For example, I found that we are using very old Apache Common > > codec > > > >>>>> v.1.6 > > > >>>>>> (released in 2011) > > > >>>>>> And latest is Apache Common codec v.1.10 > > > >>>>>> > > > >>>>>> Do we need to update to new versions from time to time? > > > >>>>>> And how? > > > >>>>>> > > > >>>>>> Just create JIRA issue, update pom.xml and run all tests on TC - > > > will > > > >>> be > > > >>>>>> enough? > > > >>>>>> > > > >>>>>> -- > > > >>>>>> Alexey Kuznetsov > > > >>>>>> > > > >>>> > > > >>>> > > > >>>> -- > > > >>>> Alexey Kuznetsov > > > >>> > > > > > > > > > > > >
