It sounds like the version release was triggered due to security issues. If so, I think we need to update our release policy.
Only when a fatal security issue occurs can we trigger a release of a new version, but we also need to clarify the maintenance cycle, otherwise this maintenance is endless. Thanks, Zixuan Xiangying Meng <xiangy...@apache.org> 于2024年3月6日周三 16:45写道: > Dear Zixuan, > > Thank you for your email and your ongoing commitment to the Pulsar project. > > I wanted to clarify that this release, 2.10.6, is a special case. It > was primarily focused on addressing certain security issues that were > deemed critical. This decision was made following internal discussions > within the PMC. > > I completely understand and respect the release policy defined by > Pulsar [0]. Under normal circumstances, we would indeed follow the > policy and consider version 2.10 as EOL, ceasing further maintenance. > > However, given the exceptional nature of this release and the > importance of the security issues it addresses, we felt it was > necessary to make an exception in this case. > > Thank you for your understanding and for bringing this to our > attention. We appreciate your diligence in adhering to Pulsar's > release policy. > > Best regards, > > Xiangying > > On Wed, Mar 6, 2024 at 4:22 PM Zixuan Liu <node...@gmail.com> wrote: > > > > Thank you for releasing 2.10.6. > > > > According to the release policy defined [0] by Pulsar, this version is > EOL and > > does not require further maintenance. > > > > If we need to continue to maintain the 2.10, we must discuss the > > maintenance lifecycle of the 2.10, and update our doc. > > > > - [0] https://pulsar.apache.org/contribute/release-policy/ > > > > Thanks, > > Zixuan > > > > > > Xiangying Meng <xiangy...@apache.org> 于2024年3月6日周三 11:15写道: > > > > > This is the first release candidate for Apache Pulsar, version 2.10.6. > > > > > > It fixes the following issues: > > > > > > > https://github.com/apache/pulsar/pulls?q=is:pr+label:cherry-picked/branch-2.10+label:release/2.10.6+is:closed > > > > > > *** Please download, test and vote on this release. This vote will stay > > > open > > > for at least 72 hours *** > > > > > > Note that we are voting upon the source (tag), binaries are provided > for > > > convenience. > > > > > > Source and binary files: > > > > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-2.10.6-candidate-1/ > > > > > > SHA-512 checksums: > > > > > > > 09f29265f8173331d4c05b470c4e77a31146172b27ef333f45d8c8a19074ef25061cb1e80872fc45c323c9ce8e2e17989c6df5d991ef84c4d245197303d9e6d7 > > > apache-pulsar-2.10.6-bin.tar.gz > > > > > > > 49c8836882818c6f38748dae26b51c598f163606c16993a3287ab1ce9f853a4aaa43c6729c1b6f6957738b4dead3818cd12026da68b328eb2d4ac0d0214957bb > > > apache-pulsar-2.10.6-src.tar.gz > > > > > > Maven staging repo: > > > > https://repository.apache.org/content/repositories/orgapachepulsar-1270 > > > > > > The tag to be voted upon: > > > v2.10.6-candidate-1 (9c29b76ff2be865429ad44df8683aec80deacfba) > > > https://github.com/apache/pulsar/releases/tag/v2.10.6-candidate-1 > > > > > > Pulsar's KEYS file containing PGP keys you use to sign the release: > > > https://downloads.apache.org/pulsar/KEYS > > > > > > Docker images: > > > > > > <link of the pulsar images> > > > > > > > https://hub.docker.com/layers/xiangyingmeng/pulsar/2.10.6/images/sha256-bf8f36e49ff44ef810ab2c76742121205e51d3a04c79afdb5d288c7d8a06443f?context=repo > > > > > > <link of the pulsar-all image> > > > > > > > https://hub.docker.com/layers/xiangyingmeng/pulsar-all/2.10.6/images/sha256-1b3a10db12f6d5a0acd2d4ed73eb11864b6b598294bb905b6ede34aef1157f23?context=repo > > > > > > Please download the source package, and follow the README to build > > > and run the Pulsar standalone service. > > > >
