Sounds like its suggestion to improve the process...I feel that should be discussed in different thread; not part of release voting.
-Anil. On Thu, Apr 5, 2018 at 10:10 AM, Jared Stewart <stewart.ja...@gmail.com> wrote: > Out of curiosity, what was Pulkit's suggestion? I don't see it in this > thread. > > On Thu, Apr 5, 2018, 8:32 AM Alexander Murmann <amurm...@pivotal.io> > wrote: > > > I am very much in favor of Pulkit's suggestion. We've previously > discussed > > using something like > > https://github.com/nebula-plugins/gradle-dependency-lock-plugin. This > > would > > make a process like Pulkit describes very easy. We could easily be on the > > latest versions that are known to work and at the same time capture which > > dependencies cannot easily be upgraded. This would safe lots of manual > work > > and also provide greater transparency to us into where actual human > effort > > is required to get back catch up with latest. > > > > On Thu, Apr 5, 2018 at 8:12 AM, Anthony Baker <aba...@pivotal.io> wrote: > > > > > I created https://issues.apache.org/jira/browse/GEODE-5001 for this. > > > > > > Anthony > > > > > > > > > > On Apr 4, 2018, at 5:39 PM, John Blum <jb...@pivotal.io> wrote: > > > > > > > > +0 > > > > > > > > > > > > The Apache Geode *Log4j* dependency version *2.8.2* is or will cause > > > > significant issues for apps, and in particular *Spring Boot* 2.0 > apps. > > > > > > > > This Geode Log4j version is already quite dated as *Log4j 2.11.0* is > > now > > > > already available [1] and *Spring Boot* 2.0 pulls in *Log4j 2.10.0* > > [2]. > > > > > > > > >
