On Sun, Feb 4, 2024 at 11:55 AM Dave Fisher <w...@apache.org> wrote:
> 2. Other questions. If the base Pulsar will now depend on Oxia and no > longer use Zookeeper? Or is Oxia an option? Will Oxia be included as a > Pulsar dependency in Pulsar convenience binaries? > It stated clearly in the proposal that: "It's not in the scope of this proposal to change any default behavior or configuration of Pulsar." This is an extra option. Oxia server does not need to be included in Pulsar distribution, the Helm chart will be able to point to Oxia server Docker images. > Can you explain how this would be *any* different here? > > Adding dependencies should be more than getting the LICENSE and NOTICE > correct. It should be a deliberate choice. > > What’s a little different here is that Oxia may not be tracked for CVEs by > dependabot. Another difference I’m OK with is that it is maintained by so > many who are also members of this community. > It's already tracking CVEs for all dependencies and Oxia images are automatically scanned for vulnerabilities. Thanks, Matteo
