Hi, First of all, I am not familiar with YARN code so I'm not really in the position to make such a claim. But while releasing Hadoop 3.3.6, I found that a number of YARN modules are seldom updated nor maintained.
1. There are hundreds of npm javascript module vulnerability alerts in GitHub repo, many of them at critical level. 2. There are very little bug fixes and features in YARN applications, YARN CSI and YARN registry. There are only occasional updates due to typos, or dependency updates, which suggests that they aren't being actively maintained. I wonder if there are developers actively using or maintaining them. Would it make sense to move the code to a separate repo and a different release line? Or even deprecate them? Because having ill-maintained code is a burden for release managers. Thoughts? Looking for feedbacks Weichiu
