THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Superseded by: N/A
Related: N/A
Problem
We recently updated the dependencies for the log4j version used in Geode to keep up with Spring Boot Data Geode's logging dependencies. As far as I know, we do not have a process to keep dependencies up to date or regularly scheduled updates to them. Currently, I believe this is handled ad-hoc which hasn't necessarily caused any major issues but could.
Anti-Goals
Solution
Directly after GA release of Geode minor version:
The release manager for the most recently released version of Geode would review any dependencies in the Geode project (presumably this will/could be automated).
- For a minor release, only minor version dependency updates should be considered
- For a major release, major versions should be considered
The release manager would submit a PR to update dependencies and then the community should pitch in to tackle any subsequent issues that arise from the updating of dependencies. *Note the first time this happens maybe painful*
In-between releases:
We keep doing what we are doing:
- Ad-hoc dependency updates as necessary
- Major dependencies could still be made during minor releases of Geode on a case-by-case basis
When a new release manager is chosen:
The release manager would send out an email as the last call for dependency updates that would coincide with a proposed release branch cut date. This would give everyone a reminder that if they need to update a dependency prior to the release there is limited time left in order to do so.
Changes and Additions to Public Interfaces
...