Hi, I have uploaded the PR for pinning the submodule commit SHA. https://github.com/apache/cloudberry/pull/1084
And I put the discussion here: https://github.com/apache/cloudberry/discussions/1083 On Tue, Apr 29, 2025 at 4:00 PM Ed Espino <esp...@apache.org> wrote: > As we need to track a specific versions of the modules, I prefer > submodules. Let me know if you have any questions. > > Thank you for taking a look at this. > > -=e > > Ed Espino > 925.389.4640 > > > On Mon, Apr 28, 2025 at 9:23 PM Jun Sheng <chaoseter...@gmail.com> wrote: > > > I can take them. Any prerequisite? > > > > By the way, shall we switch to subtree instead of submodule? > > > > On Tue, Apr 29, 2025 at 11:01 AM Ed Espino <esp...@apache.org> wrote: > > > > > Hi all, > > > > > > As part of the recent PAX feature work, several new Git submodules have > > > been introduced into the Apache Cloudberry (Incubating) repository. > After > > > reviewing these additions, I noticed two important issues that should > be > > > addressed before finalizing the v2.0.0 release: > > > > > > 1. Submodule Pinning > > > - Several submodules are currently pulling from `main` or an active > > > branch (`v1.15.x`), rather than being pinned to a specific commit SHA. > > > - This could lead to non-reproducible builds over time, as upstream > > > changes may alter the submodule contents unexpectedly. > > > - To ensure reproducibility and long-term stability, the submodules > > > should be updated to point to specific SHAs. > > > > > > 2. License Management > > > - Each submodule introduces third-party code, and the corresponding > > > license files need to be collected. > > > - The license texts should be added to the `licenses/` directory, > and > > > the top-level `LICENSE` file updated to reference each included > > dependency > > > and its license type. > > > > > > Submodules involved: > > > - `gpcontrib/gpcloud/test/googletest` > > > - `contrib/pax_storage/src/cpp/contrib/googletest` > > > - `contrib/pax_storage/src/cpp/contrib/tabulate` > > > - `contrib/pax_storage/src/cpp/contrib/googlebench` > > > - `contrib/pax_storage/src/cpp/contrib/cpp-stub` > > > - `dependency/yyjson` > > > > > > Call for Volunteer: > > > Would someone be willing to volunteer to investigate and address these > > two > > > items? > > > Taking care of this now will help us avoid potential issues during the > > > v2.0.0 release process. > > > > > > Please reply here if you are able to help. I am happy to assist or help > > > review any proposed updates. > > > > > > Thanks in advance, > > > -=e > > > > > > -- > > > Ed Espino > > > Apache Cloudberry (Incubating) & MADlib > > > > > >