You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@incubator.apache.org by James Sirota <js...@hortonworks.com> on 2016/07/08 18:01:17 UTC
[VOTE] Releasing Apache Metron 0.2.0BETA-RC2
This is a call to vote on releasing Apache Metron 0.2.0BETA-RC2 incubating
Full list of changes in this release:
https://dist.apache.org/repos/dist/dev/incubator/metron/0.2.0BETA-RC2-incubating/CHANGES
The tag/commit to be voted upon is Metron_0.2.0BETA_rc2:
https://git-wip-us.apache.org/repos/asf?p=incubator-metron.git;a=commit;h=5fb4dda0e385ba030455db4c7d1290f872b688ce
The source archive being voted upon can be found here:
https://dist.apache.org/repos/dist/dev/incubator/metron/0.2.0BETA-RC2-incubating/apache-metron-0.2.0BETA-RC2-incubating.tar.gz
Other release files, signatures and digests can be found here:
https://dist.apache.org/repos/dist/dev/incubator/metron/0.2.0BETA-RC2-incubating
The release artifacts are signed with the following key:
https://git-wip-us.apache.org/repos/asf?p=incubator-metron.git;a=blob_plain;f=KEYS;hb=refs/tags/Metron_0.2.0BETA_rc2
Please vote on releasing this package as Apache Metron 0.2.0BETA-RC2 incubating
When voting, please list the actions taken to verify the release.
Recommended build validation and verification instructions are posted here:
https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds
This vote will be open for at least 72 hours.
[ ] +1 Release this package as Apache Metron 0.2.0BETA-RC2 incubating
[ ] 0 No opinion
[ ] -1 Do not release this package because...
-------------------
Thank you,
James Sirota
PPMC- Apache Metron (Incubating)
jsirota AT apache DOT org
Re: [VOTE] Releasing Apache Metron 0.2.0BETA-RC2
Posted by Casey Stella <ce...@gmail.com>.
Ok, fair points. The discussion was within the project's mailing list here
<https://mail-archives.apache.org/mod_mbox/incubator-metron-dev/201603.mbox/%3CCAPpQHK1+n9y3VJNHnR2rHpK4fyqQm3p=do3m6LuWf+0Z=4CnpA@mail.gmail.com%3E>
rather
than a discussion with legal. As such, we're going to do the work to
remove that reference data and cut a new release candidate. Thanks for the
attention again. :)
Best,
Casey
On Mon, Jul 11, 2016 at 10:11 AM, Justin Mclean <ju...@classsoftware.com>
wrote:
> Hi,
>
> > <
> https://github.com/STIXProject/stixproject.github.io/blob/master/LICENSE>.
> > If you think it's clearer, we can pull it into its own file and mention
> it
> > in the LICENSE for next release
>
> Sounds fine to me.
>
> > Regarding the effective_tld_names.dat, we had this discussion last
> release
> > and believe that they are reference data and should be considered
> > acceptable.
>
> The nothing that I can see in the legal answered questions to say that
> Category B “reference data” in text form is acceptable.
>
> Was this discussed on legal discuss? Is there a JIRA anywhere saying it’s
> OK to make a source release containing those files?
>
> Thanks,
> Justin
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
Re: [VOTE] Releasing Apache Metron 0.2.0BETA-RC2
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
> <https://github.com/STIXProject/stixproject.github.io/blob/master/LICENSE>.
> If you think it's clearer, we can pull it into its own file and mention it
> in the LICENSE for next release
Sounds fine to me.
> Regarding the effective_tld_names.dat, we had this discussion last release
> and believe that they are reference data and should be considered
> acceptable.
The nothing that I can see in the legal answered questions to say that Category B “reference data” in text form is acceptable.
Was this discussed on legal discuss? Is there a JIRA anywhere saying it’s OK to make a source release containing those files?
Thanks,
Justin
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Releasing Apache Metron 0.2.0BETA-RC2
Posted by Casey Stella <ce...@gmail.com>.
Thanks for the careful attention, Justin.
Regarding the sample data for the StixExtractorTest.java, that came from
here
<https://github.com/STIXProject/stixproject.github.io/blob/master/getting-started/sample-walkthrough/IP_Watchlist-1.2.xml>
and
I considered it to be 3-clause BSD licensed due to the underlying project
license here
<https://github.com/STIXProject/stixproject.github.io/blob/master/LICENSE>.
If you think it's clearer, we can pull it into its own file and mention it
in the LICENSE for next release (JIRA here
<https://issues.apache.org/jira/browse/METRON-297>).
Regarding the effective_tld_names.dat, we had this discussion last release
and believe that they are reference data and should be considered
acceptable. We did note them in the LICENSE here
<https://github.com/apache/incubator-metron/blob/master/LICENSE#L205>. The
rationale around why we think they should be acceptable as per category B
is as follows:
- It's reference data, so not source code, so I feel that the category B
wording was trying to make the distinction between source code and non-src
code (i.e. "binary/object" in their language)
- It's not source code, so paragraph 3 shouldn't apply, but even so, it
has not changed since the last release
- It's currently only supported for a legacy enrichment adapter, but
will be removed next release as we found a better way of doing things.
Thoughts?
Best,
Casey
On Fri, Jul 8, 2016 at 10:45 PM, Justin Mclean <ju...@classsoftware.com>
wrote:
> Hi,
>
> -1 (binding) until MPL licensed source issue resolved.
>
> I checked:
> - name contains incubating
> - signatures and hashes good
> - DISCLAIMER exists
> - LICENSE is OK, but look to be missing one permissive license? and
> assuming its ok it would be best if the MPL was in another file.
> - NOTICE is OK (but perhaps requires a notice from MPL?)
> - All ASF source file have apache header
> - No unexpected binary files
> - Can compile from source
>
> For the license I think this file [1] may incorrectly have an apache
> header. I’m also unsure of it’s license, but it’s likely to be permissive
> [2] and needs to be mentioned in LICENSE. Can you fix this in the next
> release please.
>
> There is a more serious issue in that the source includes MPL licensed
> files.[4][5][6] This is a category B license [3] and as such files under
> these terms can only included in binary form, but they plain text. They are
> not small (10,000 lines) and given they contain list of domain name it
> seems likely they they would change so I don’t think the last paragraph in
> [3] applies either. It would also be a good idea to list where they come
> from.
>
> Thanks,
> Justin
>
> 1.
> ./metron-platform/metron-data-management/src/test/java/org/apache/metron/dataloads/extractor/stix/StixExtractorTest.java
> 2. http://stixproject.github.io/legal/
> 3. http://www.apache.org/legal/resolved.html#category-b
> 4.
> ./metron-platform/metron-common/src/test/resources/effective_tld_names.dat
> 5.
> ./metron-platform/metron-enrichment/src/main/resources/effective_tld_names.dat
> 6.
> ./metron-platform/metron-parsers/src/test/resources/effective_tld_names.dat
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
Re: [VOTE] Releasing Apache Metron 0.2.0BETA-RC2
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
-1 (binding) until MPL licensed source issue resolved.
I checked:
- name contains incubating
- signatures and hashes good
- DISCLAIMER exists
- LICENSE is OK, but look to be missing one permissive license? and assuming its ok it would be best if the MPL was in another file.
- NOTICE is OK (but perhaps requires a notice from MPL?)
- All ASF source file have apache header
- No unexpected binary files
- Can compile from source
For the license I think this file [1] may incorrectly have an apache header. I’m also unsure of it’s license, but it’s likely to be permissive [2] and needs to be mentioned in LICENSE. Can you fix this in the next release please.
There is a more serious issue in that the source includes MPL licensed files.[4][5][6] This is a category B license [3] and as such files under these terms can only included in binary form, but they plain text. They are not small (10,000 lines) and given they contain list of domain name it seems likely they they would change so I don’t think the last paragraph in [3] applies either. It would also be a good idea to list where they come from.
Thanks,
Justin
1. ./metron-platform/metron-data-management/src/test/java/org/apache/metron/dataloads/extractor/stix/StixExtractorTest.java
2. http://stixproject.github.io/legal/
3. http://www.apache.org/legal/resolved.html#category-b
4. ./metron-platform/metron-common/src/test/resources/effective_tld_names.dat
5. ./metron-platform/metron-enrichment/src/main/resources/effective_tld_names.dat
6. ./metron-platform/metron-parsers/src/test/resources/effective_tld_names.dat
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org