+1 (non-binding) On Fri, Apr 24, 2026 at 2:14 PM Jungtaek Lim <[email protected]> wrote:
> +1 (non-binding) > > Thanks for raising the proposal! > > 2026년 4월 24일 (금) 오후 8:23, Mark Hamstra <[email protected]>님이 작성: > >> +1 >> >> On Fri, Apr 24, 2026 at 3:15 AM Cheng Pan <[email protected]> wrote: >> > >> > +1 (non-binding) >> > >> > Java/Scala deps are controlled manually so it’s easy to audit, also >> looking forward to a lock file (or similar things) for Python deps so we >> know which exact version of deps are used for testing. >> > >> > Thanks, >> > Cheng Pan >> > >> > >> > >> > On Apr 24, 2026, at 18:03, Steve Loughran <[email protected]> wrote: >> > >> > >> > +1 (non binding) >> > >> > On Fri, 24 Apr 2026 at 00:03, Tian Gao via dev <[email protected]> >> wrote: >> >> >> >> Hi, as discussed in >> https://lists.apache.org/thread/lwgqo36pqzlddtq2f8fxy6c1jj8go4x6 , I'm >> proposing a vote for a buffer time to upgrade our dependencies. >> >> >> >> The proposal is: >> >> For the apache/spark repo only, we can only upgrade third-party >> dependencies (including Apache projects) to a version released at least >> seven days ago. This covers Java, Python and all other dependencies. >> Security upgrades are exempted and will be conducted by PMCs. >> >> >> >> [ ] +1: approve >> >> [ ] 0: no opinion >> >> [ ] - 1: disapprove >> >> >> >> This is a procedural vote (no code change) so we need a simple >> majority (more +1s than -1s). >> >> >> >> Tian >> > >> > >> >> --------------------------------------------------------------------- >> To unsubscribe e-mail: [email protected] >> >>
