zhouaoe commented on PR #7205: URL: https://github.com/apache/hadoop/pull/7205#issuecomment-3983354956
> @drankye @zhouaoe @cnauroth @steveloughran I identified some dependency issues druing integrating Hadoop 3.5.0 RC0 with Spark > > in this PR, the dependency `com.aliyun.oss:aliyun-sdk-oss` is upgraded from 3.13.2 to 3.18.1, it pulls new transitive deps, should LICENSE/NOTICE be updated? > > * aliyun-java-core-0.2.11-beta.jar > * dom4j-2.1.4.jar > * java-trace-api-0.2.11-beta.jar > * opentelemetry-api-1.49.0.jar > * opentelemetry-context-1.49.0.jar > * reactive-streams-1.0.3.jar > > and, there are two `beta` version deps, which might cause stability concerns for users and downstream projects, are those deps necessary or optional? could it be replaced with a stable version? > > additionally, [HADOOP-19696](https://issues.apache.org/jira/browse/HADOOP-19696) (fixed in 3.5.0, 3.4.3) changes the binary distribution layout, a connector with a lot of transitive deps may introduce potential complexity and cause class conflicts issue, so it would be good if that `aliyun-sdk-oss` can provide a shaded version, then hadoop and downstream projects won't fall into dependency hall. Received. I will start optimizing immediately. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
