[jira] [Commented] (HADOOP-19352) Hadoop OSS Connector adds support for V4 signatures.

Sun, 01 Mar 2026 18:00:10 -0800 


    [ 
https://issues.apache.org/jira/browse/HADOOP-19352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18062002#comment-18062002
 ] 

ASF GitHub Bot commented on HADOOP-19352:
-----------------------------------------

pan3793 commented on PR #7205:
URL: https://github.com/apache/hadoop/pull/7205#issuecomment-3981600333

   @drankye @zhouaoe @cnauroth @steveloughran I identified some dependency 
issues druing integrating Hadoop 3.5.0 RC0 with Spark
   
   in this PR, the dependency `com.aliyun.oss:aliyun-sdk-oss` is upgraded from 
3.13.2 to 3.18.1, it pulls new transitive deps, should LICENSE/NOTICE be 
updated?
   
   - aliyun-java-core-0.2.11-beta.jar
   - dom4j-2.1.4.jar
   - java-trace-api-0.2.11-beta.jar
   - opentelemetry-api-1.49.0.jar
   - opentelemetry-context-1.49.0.jar
   - reactive-streams-1.0.3.jar
   
   and, there are two `beta` version deps, which might cause stability concerns 
for users and downstream projects, are those deps necessary or optional? could 
it be replaced with a stable version?
   
   additionally, HADOOP-19696 (fixed in 3.5.0, 3.4.3) changes the binary 
distribution layout, a connector with a lot of transitive deps may introduce 
potential complexity and cause class conflicts issue, so it would be good if 
that `aliyun-sdk-oss` can provide a shaded version, then hadoop and downstream 
projects won't fall into dependency hall.




> Hadoop OSS Connector adds support for V4 signatures.
> ----------------------------------------------------
>
>                 Key: HADOOP-19352
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19352
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs/oss
>            Reporter: zhouao
>            Assignee: zhouao
>            Priority: Major
>              Labels: pull-request-available
>
> AliyunOSS is about to adjust its security policy: only V4 signature requests 
> will be supported in the public cloud. Therefore, support for V4 signatures 
> is also required in Hadoop, and V4 signatures will be the default.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to