This vote passes with six +1 votes, one 0 and zero -1 votes. Summary: Sai Boorlagadda +1 Michael Stolz +1 Dan Smith +1 Jinmei Liao +1 Bruce Schuchardt +1 John Blum +0 Anthony Baker +1
On Thu, Apr 5, 2018 at 10:15 AM Anilkumar Gingade <aging...@pivotal.io> wrote: > Sounds like its suggestion to improve the process...I feel that should be > discussed in different thread; not part of release voting. > > -Anil. > > > On Thu, Apr 5, 2018 at 10:10 AM, Jared Stewart <stewart.ja...@gmail.com> > wrote: > > > Out of curiosity, what was Pulkit's suggestion? I don't see it in this > > thread. > > > > On Thu, Apr 5, 2018, 8:32 AM Alexander Murmann <amurm...@pivotal.io> > > wrote: > > > > > I am very much in favor of Pulkit's suggestion. We've previously > > discussed > > > using something like > > > https://github.com/nebula-plugins/gradle-dependency-lock-plugin. This > > > would > > > make a process like Pulkit describes very easy. We could easily be on > the > > > latest versions that are known to work and at the same time capture > which > > > dependencies cannot easily be upgraded. This would safe lots of manual > > work > > > and also provide greater transparency to us into where actual human > > effort > > > is required to get back catch up with latest. > > > > > > On Thu, Apr 5, 2018 at 8:12 AM, Anthony Baker <aba...@pivotal.io> > wrote: > > > > > > > I created https://issues.apache.org/jira/browse/GEODE-5001 for this. > > > > > > > > Anthony > > > > > > > > > > > > > On Apr 4, 2018, at 5:39 PM, John Blum <jb...@pivotal.io> wrote: > > > > > > > > > > +0 > > > > > > > > > > > > > > > The Apache Geode *Log4j* dependency version *2.8.2* is or will > cause > > > > > significant issues for apps, and in particular *Spring Boot* 2.0 > > apps. > > > > > > > > > > This Geode Log4j version is already quite dated as *Log4j 2.11.0* > is > > > now > > > > > already available [1] and *Spring Boot* 2.0 pulls in *Log4j 2.10.0* > > > [2]. > > > > > > > > > > > > > >
