Hi Christo,

+1 (binding)

Thanks for the KIP

On Fri, Apr 14, 2023 at 7:32 PM Colin McCabe <cmcc...@apache.org> wrote:
>
> On Sun, Apr 9, 2023, at 19:17, Ismael Juma wrote:
> >
> > On Sun, Apr 9, 2023 at 4:53 PM Colin McCabe <cmcc...@apache.org> wrote:
> >
> >> We are going to deprecate ZK mode soon. So if this is indeed a requirement
> >> (no deprecated software in prod), perhaps those users will have to move to
> >> KRaft mode. (Independently of what we decide here)
> >>
> >
> > Not sure where "no deprecated software in prod" is coming from. The concern
> > is regarding end-of-life software - i.e. software that no longer receives
> > security fixes. If we don't upgrade beyond 3.6.x, we'll be in a tough
> > position when a CVE is fixed only in ZooKeeper 3.7.x, 3.8.x, etc. If it's a
> > serious security problem, then it's likely that an additional release of
> > ZooKeeper 3.6.x might be released. But the more likely case is that a
> > library dependency will have a CVE that will trigger the compliance checks
> > from enterprise users, but not warrant another ZooKeeper 3.6.x release.
>
> Hi Ismael,
>
> Fair enough. There is a difference between deprecated and unsupported. ZK
> 3.6.x is unsupported which is worse than deprecated, since it means it will
> not be updated.
>
> Overall, I agree with you that we're going to have to move to the new version
> of ZK. This fits in with the overall timeline of one more year of Kafka
> releases supporting ZK. If Apache Kafka 4.0 is April 2024, we'll need to be
> getting security updates for ZK during this time.
>
> On Wed, Apr 12, 2023, at 08:45, Christo Lolov wrote:
> > Hello Colin,
> >
> > Thank you for the response!
> >
> > 1. I have attached the compatibility matrix in the KIP under the section
> > Compatibility, Deprecation, and Migration Plan.
>
> Hi Christo,
>
> Thanks for attaching the matrix to the KIP.
>
> I don't understand why Kafka clients are part of this matrix. The Kafka
> client doesn't use ZK directly. (Well, certain very ancient pre-1.0 Kafka
> clients did, but that was a long time ago). So let's remove this.
>
> If I understand this correctly, the main documentation that will be needed is
> for pre-2.4 Kafka releases. Assuming they keep everything "stock" (which in
> my experience most users do), the net-net is that pre-2.4 releases need to
> make an extra hop through a post-2.4, pre-3.6 release. We will have to
> document that as prominently as we can.
>
> I am +1 for this with the proviso that we do it in 3.6. We should update the
> version as soon as we can post-3.5 so that any bugs shake out as soon as
> possible.
>
> best,
> Colin