+1 to smore's assertion here.
We do not have the same sort of compatibility issues that others do which require shims and the like.
Our use of the hadoop common functionality doesn't really have wire level compatibility issues like APIs.
The Hadoop Auth Provider can leverage the Hadoop 3 facilities without having a compatibility issue with Hadoop 2.x clusters - as the authentication is encapsulated within the Knox process itself and identity is typically asserted via doas/user.name params - which remains compatible.
Same dynamic for the Hadoop Groups Mapping integration in the Hadoop Group Lookup Provider.
I also know of downstream testing of Knox 0.14.0 with Hadoop 3 dependencies.
We should be fine.
Also, I think the separation of 0.14.0 and 1.0.0 on the Hadoop version boundary makes a lot of sense.
Functionality will be largely the same therefore one can put off uptake of 1.0.0 until there is comfort with Hadoop 3 migration - if so desired.
In my opinion, we need to be very careful about any technology upgrades this late in the game. It would be wise to at least do testing against Hadoop 3 though to identify incompatibilities, etc. I would think we want Knox 1.0.0 to work again both 2.x and 3.x if at all possible.