+1 for releasing 0.8.1. Thanks for starting this discussion, Rui. Is there any official ASF protocol for dealing with this situation? I think we should warn users about the unintended GPL dependency included in 0.8.0. Perhaps we can do that by adding a warning to the GitHub Release page for 0.8.0 [0] and sending a note to the users mailing list?
Also, does Go have any tooling we can add to our release process to help prevent this kind of error in future releases? Thanks, Michael [0] https://github.com/apache/pulsar-client-go/releases/tag/v0.8.0 On Mon, Mar 7, 2022 at 7:59 PM Rui Fu <r...@apache.org> wrote: > > Thanks for all your votings, I will start working on the release. > > On 2022/03/07 19:14:00 Sijie Guo wrote: > > +1 > > > > On Sun, Mar 6, 2022 at 6:46 PM r...@apache.org <ranxiaolong...@gmail.com> > > wrote: > > > > > +1 > > > > > > -- > > > Thanks > > > Xiaolong Ran > > > > > > PengHui Li <peng...@apache.org> 于2022年3月5日周六 18:10写道: > > > > > > > +1 > > > > > > > > Penghui > > > > > > > > On Sat, Mar 5, 2022 at 4:58 AM Matteo Merli <matteo.me...@gmail.com> > > > > wrote: > > > > > > > > > +1 Thanks Rui, we should eliminate the GPL dependency ASAP. > > > > > > > > > > > > > > > > > > > > -- > > > > > Matteo Merli > > > > > <matteo.me...@gmail.com> > > > > > > > > > > On Thu, Mar 3, 2022 at 2:08 AM Rui Fu <r...@apache.org> wrote: > > > > > > > > > > > > Hi everyone, > > > > > > > > > > > > I would like to start a discussion here about starting a new release > > > of > > > > > > pulsar-client-go v0.8.1. Recently we have some of dependencies > > > updated > > > > > PRs > > > > > > from the community, [1] is bumping `github.com/beefsack/go-rate` > > > <http://github.com/beefsack/go-rate> > > > > <http://github.com/beefsack/go-rate> > > > > > <http://github.com/beefsack/go-rate> to the > > > > > > latest version, which migrates the license from GPL to MIT. [2] is > > > > > bumping ` > > > > > > github.com/prometheus/client_golang` > > > <http://github.com/prometheus/client_golang> > > > > <http://github.com/prometheus/client_golang> > > > > > <http://github.com/prometheus/client_golang> to address the > > > > > CVE-2022-21698. For > > > > > > more details, please check the links below. > > > > > > > > > > > > As the v0.8.0 was just released weeks ago and the next release will > > > > start > > > > > > about 2 month later, I think we should start the release of v0.8.1. > > > > > > > > > > > > [1]: https://github.com/apache/pulsar-client-go/pull/735 > > > > > > [2]: https://github.com/apache/pulsar-client-go/pull/738 > > > > > > > > > > > > -- > > > > > > > > > > > > Best Regards, > > > > > > > > > > > > Rui Fu > > > > > > > > > > > > > >
