Posted to dev@phoenix.apache.org by Ankit Singhal <an...@gmail.com> on 2016/07/14 04:54:11 UTC

[VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Hello Everyone,

This is a call for a vote on Apache Phoenix 4.8.0-HBase-1.2 RC0. This is
the next minor release of Phoenix 4, compatible with Apache HBase 1.2.
The release includes both a source-only release and a convenience binary
release.

This release has feature parity with our other pending 4.8.0 releases and
includes the following improvements:
- Local Index improvements[1]
- Phoenix hive integration[2]
- Namespace mapping support[3]
- Many VIEW enhancements[4]
- Offset support for paging queries[5]
- 100+ Bugs resolved[6]
- Many performance enhancements (related to StatsCache, distinct, Serial
query with Stats, etc.)

The source tarball, including signatures, digests, etc can be found at:
https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/src/

The binary artifacts can be found at:
https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/bin/

For a complete list of changes, see:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120

Release artifacts are signed with the following key:
https://people.apache.org/keys/committer/ankit.asc

KEYS file available here:
https://dist.apache.org/repos/dist/dev/phoenix/KEYS

The hash and tag to be voted upon:
https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138
https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=tag;h=refs/tags/v4.8.0-HBase-1.2-rc0

Vote will be open until at least, Mon, Jul 18th @ 5pm PST. Please vote:

[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)

Thanks,
The Apache Phoenix Team

[1] https://issues.apache.org/jira/browse/PHOENIX-1734
[2] https://issues.apache.org/jira/browse/PHOENIX-2743
[3] https://issues.apache.org/jira/browse/PHOENIX-1311
[4] https://issues.apache.org/jira/browse/PHOENIX-1508
[5] https://issues.apache.org/jira/browse/PHOENIX-2722
[6] https://issues.apache.org/jira/browse/filter=12337975#

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by Josh Elser <jo...@gmail.com>.
Sure thing, James. Will resume in the morning when fresh. Exhausted most 
of my weekend motivations :)

Honestly, fixing the tracing UI for the source release should be very 
simple. Pretty much need to copy the info from my first note into LICENSE.

I'm still mulling over whether or not I want to suggest scrapping the 
"binary" release until licensing issues are addressed (oops, I guess I 
spoiled the secret). I'm having a really hard time trying to suggest a 
path forward that doesn't involve "hold all releases until licensing is 
addressed". Need to mull it over more and talk to some others on the 
subject.

James Taylor wrote:
> Thanks for going through the release, Josh. One partial quick fix might be
> to exclude the trace app from both the source and binary distributions and
> move it to github as more of a community add-on (we have a few of these
> already). To be honest, I don't think it's had much community uptake - a UI
> is a bit outside of the scope with a different skill set than a distributed
> database.
>
> We need to fix the other stuff, though.
>
> Would you mind filing some JIRAs for these, Josh?
>
> Thanks,
> James
>
>
> On Sun, Jul 17, 2016 at 9:42 PM, Andrew Purtell<an...@gmail.com>
> wrote:
>
>> A partial prescription:
>>
>> - Looks like no updates to LICENSE or NOTICE were done when the trace app
>> GSoC project was merged, hence the issues with bootstrap and other bundled
>> JavaScript. Time to do a top to bottom review?
>>
>> - Prune RAT exclusions to the minimum and fix reported issues.
>>
>> - Over on HBase we also faced a big divergence in what is included in
>> source and binary convenience artifacts, due to the ton of extra deps that
>> come with upstream binaries and runtime concerns like embedded UIs. We
>> fixed this through maven based automated assembly of binary LICENSE and
>> NOTICE files using templates and velocity macros. Sean Busbey did the
>> lion's share of the work. Refer to
>> https://issues.apache.org/jira/browse/HBASE-14085 . It was a significant
>> effort.
>>
>>
>>
>>> On Jul 17, 2016, at 10:53 AM, Josh Elser<el...@apache.org>  wrote:
>>>
>>> -1 (non-binding) from me with my Phoenix hat on (avoiding putting on the
>> ASF member hat for now). Lots of wrong licensing stuff in here -- as-in,
>> this should very definitely not go out as a release. I hope the Phoenix PMC
>> steps up to -1 this release on their own.
>>> *** Source release:
>>>
>>> Good:
>>> * MD5 and GPG sig is fine
>>> * KEYS is good
>>> * Did not find any binary files
>>> * Was able to build the source code
>>>
>>> Bad:
>>> * SHA1 xsum is wrong. It looks like complete nonsense to me, but I can't
>> find the appropriate xsum in that file (which was
>> 64208164580f3467cd2c8b51c0d9f8ac37f0c671)
>>> * Lots of "Copyright ASF" in Java source files which should not be there.
>>> * No license headers on any Apache Phoenix JS files. Looks like these
>> are completely ignored by the apache-rat check which is very bad.
>>>   - All properties files are ignored. They can and should have license
>> headers (./phoenix-pherf/src/test/resources/pherf.test.properties is
>> missing headers now, and is just garbled)
>>> * Would be good to have the artifact name be
>> "apache-phoenix-$version.tar.gz" as that's the project's proper name.
>>> * NOTICE problems
>>>   - No Apache Phoenix copyright (should be 20XX-2016)
>>>   - Source release does not include HBase, Hadoop, or Commons, does it?
>> Do we have copied code from these projects in Phoenix source?
>>>   - JUnit, SLF4j, JLine, and Antlr are not included in the source
>> release, they do not belong here.
>>>   - Sqlline entry has the wrong website and doesn't belong in NOTICE
>> (should go in LICENSE)
>>> * LICENSE problems
>>>   - ENTIRELY NO MENTION of tons of libraries:
>>>      + Bootstrap (Twitter with MIT license)
>>>      + JQuery (JQuery Foundation with MIT license)
>>>      + AngularJS and Angular-Mocks 1.3.15 (Google, inc. with  MIT license)
>>>      + Angular-Routes 1.3.8 (Google, inc with MIT license)
>>>      + Google Chart Api Directive Module for AngularJS (Nicolas Bouillon
>> with MIT)
>>>      + angular-ui-bootstrap (http://angular-ui.github.io/bootstrap/ with
>> MIT)
>>>      + Sqlline (Marc Prud'hommeaux with BSD)
>>>      + Glyphicons (http://glyphicons.com with CC-By 3.0)
>>>      + Fontawesome fonts (http://fontawesome.io with SIL Open Font
>> license -- which falls into category-b for the ASF for those playing along)
>>>
>>> *** Binary release:
>>>
>>> Good:
>>> * MD5 and GPG sig are fine
>>>
>>> Other:
>>> * I'm not sure how to handle the L&N for the tarball itself (since they
>> just contain JARs which are in themselves a "binary release"). e.g. should
>> the top-level L&N files contain the aggregate L&N for all JARs in the
>> binary tarball?
>>> Bad:
>>> * SHA1 is again garbled (I computed
>> 817b68246f8d9c9fc5317660ad1021752996d1f1)
>>> NOTICE problems (tarball):
>>>   - Wrong Apache Phoenix copyright (2014, not 20XX-2016)
>>>   - Completely different sqlline copyright/license notice than in source
>> release! Which one is correct?? Also, license information belongs in
>> LICENSE, not in NOTICE.
>>>   - I would strongly bet that Apache Hadoop and HBase both have
>> information in their NOTICE files which requires propagation (e.g. things
>> other than "Copyright ASF" which is not required).
>>> LICENSE problems (tarball):
>>>   - See all of the same issues from the LICENSE problems in the
>> source-release.
>>> For phoenix-client.jar:
>>>   - Multiple LICENSE files lying around but nothing which seems accurate
>> for the binary artifact being released -- this information should be
>> self-contained in one file (commonly META-INF/{LICENSE,NOTICE}).
>>>   - Not going to enumerate all of the issues, but I see there is at least
>> one issue in HSQLDB as it's BSD license and not included in LICENSE. I'm
>> guessing this is missing tons of necessary entries.
>>> For phoenix-tracing-webapp-4.8.0-HBase-1.2-runnable.jar:
>>>   - Absolutely no mention of the bundled javascript libraries as outlined
>> in the source-release.
>>>   - (A hunch) missing a necessary entry for UnixCrypt per
>> https://github.com/eclipse/jetty.project/blob/jetty-8.1.16.v20140903/NOTICE.txt.
>> There's no git tag for the 8.1.7 version we use.
>>> For now, I'm going to omit going through the rest, but I have lots of
>> fear over the other shaded jars being similarly inadequate.
>>> - Josh
>>>
>>> Ankit Singhal wrote:
>>>> Hello Everyone,
>>>>
>>>> This is a call for a vote on Apache Phoenix 4.8.0-HBase-1.2 RC0. This is
>>>> the next minor release of Phoenix 4, compatible with Apache HBase 1.2.
>>>> The release includes both a source-only release and a convenience binary
>>>> release.
>>>>
>>>> This release has feature parity with our other pending 4.8.0 releases
>> and
>>>> includes the following improvements:
>>>> - Local Index improvements[1]
>>>> - Phoenix hive integration[2]
>>>> - Namespace mapping support[3]
>>>> - Many VIEW enhancements[4]
>>>> - Offset support for paging queries[5]
>>>> - 100+ Bugs resolved[6]
>>>> - Many performance enhancements(related to StatsCache, distinct, Serial
>>>> query with Stats etc)
>>>>
>>>> The source tarball, including signatures, digests, etc can be found at:
>>>>
>> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/src/
>>>> The binary artifacts can be found at:
>>>>
>> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/bin/
>>>> For a complete list of changes, see:
>>>> *
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120
>>>> <
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120
>>> *
>>>> Release artifacts are signed with the following key:
>>>> *https://people.apache.org/keys/committer/ankit.asc
>>>> <https://people.apache.org/keys/committer/ankit.asc>*
>>>>
>>>> KEYS file available here:
>>>> https://dist.apache.org/repos/dist/dev/phoenix/KEYS
>>>>
>>>> The hash and tag to be voted upon:
>>>> *
>> https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138
>>>> <
>> https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138
>>> *
>> https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=tag;h=refs/tags/v4.8.0-HBase-1.2-rc0
>>>> Vote will be open until at least, Mon, Jul 18th @ 5pm PST. Please vote:
>>>>
>>>> [ ] +1 approve
>>>> [ ] +0 no opinion
>>>> [ ] -1 disapprove (and reason why)
>>>>
>>>> Thanks,
>>>> The Apache Phoenix Team
>>>>
>>>> [1] https://issues.apache.org/jira/browse/PHOENIX-1734
>>>> [2] https://issues.apache.org/jira/browse/PHOENIX-2743
>>>> [3] https://issues.apache.org/jira/browse/PHOENIX-1311
>>>> [4] https://issues.apache.org/jira/browse/PHOENIX-1508
>>>> [5] https://issues.apache.org/jira/browse/PHOENIX-2722
>>>> [6] *https://issues.apache.org/jira/browse/filter=12337975#
>>>> <https://issues.apache.org/jira/browse/filter=12337975#>*
>>>>
>

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by James Taylor <ja...@apache.org>.
Thanks for going through the release, Josh. One partial quick fix might be
to exclude the trace app from both the source and binary distributions and
move it to github as more of a community add-on (we have a few of these
already). To be honest, I don't think it's had much community uptake - a UI
is a bit outside of the scope with a different skill set than a distributed
database.

We need to fix the other stuff, though.

Would you mind filing some JIRAs for these, Josh?

Thanks,
James


On Sun, Jul 17, 2016 at 9:42 PM, Andrew Purtell <an...@gmail.com>
wrote:

> A partial prescription:
>
> - Looks like no updates to LICENSE or NOTICE were done when the trace app
> GSoC project was merged, hence the issues with bootstrap and other bundled
> JavaScript. Time to do a top to bottom review?
>
> - Prune RAT exclusions to the minimum and fix reported issues.
>
> - Over on HBase we also faced a big divergence in what is included in
> source and binary convenience artifacts, due to the ton of extra deps that
> come with upstream binaries and runtime concerns like embedded UIs. We
> fixed this through maven based automated assembly of binary LICENSE and
> NOTICE files using templates and velocity macros. Sean Busbey did the
> lion's share of the work. Refer to
> https://issues.apache.org/jira/browse/HBASE-14085 . It was a significant
> effort.
>
>
>
> > On Jul 17, 2016, at 10:53 AM, Josh Elser <el...@apache.org> wrote:
> >
> > -1 (non-binding) from me with my Phoenix hat on (avoiding putting on the
> ASF member hat for now). Lots of wrong licensing stuff in here -- as-in,
> this should very definitely not go out as a release. I hope the Phoenix PMC
> steps up to -1 this release on their own.
> >
> > *** Source release:
> >
> > Good:
> > * MD5 and GPG sig is fine
> > * KEYS is good
> > * Did not find any binary files
> > * Was able to build the source code
> >
> > Bad:
> > * SHA1 xsum is wrong. It looks like complete nonsense to me, but I can't
> find the appropriate xsum in that file (which was
> 64208164580f3467cd2c8b51c0d9f8ac37f0c671)
> > * Lots of "Copyright ASF" in Java source files which should not be there.
> > * No license headers on any Apache Phoenix JS files. Looks like these
> are completely ignored by the apache-rat check which is very bad.
> >  - All properties files are ignored. They can and should have license
> headers (./phoenix-pherf/src/test/resources/pherf.test.properties is
> missing headers now, and is just garbled)
> > * Would be good to have the artifact name be
> "apache-phoenix-$version.tar.gz" as that's the project's proper name.
> >
> > * NOTICE problems
> >  - No Apache Phoenix copyright (should be 20XX-2016)
> >  - Source release does not include HBase, Hadoop, or Commons, does it?
> Do we have copied code from these projects in Phoenix source?
> >  - JUnit, SLF4j, JLine, and Antlr are not included in the source
> release, they do not belong here.
> >  - Sqlline entry has the wrong website and doesn't belong in NOTICE
> (should go in LICENSE)
> >
> > * LICENSE problems
> >  - ENTIRELY NO MENTION of tons of libraries:
> >     + Bootstrap (Twitter with MIT license)
> >     + JQuery (JQuery Foundation with MIT license)
> >     + AngularJS and Angular-Mocks 1.3.15 (Google, inc. with  MIT license)
> >     + Angular-Routes 1.3.8 (Google, inc with MIT license)
> >     + Google Chart Api Directive Module for AngularJS (Nicolas Bouillon
> with MIT)
> >     + angular-ui-bootstrap (http://angular-ui.github.io/bootstrap/ with
> MIT)
> >     + Sqlline (Marc Prud'hommeaux with BSD)
> >     + Glyphicons (http://glyphicons.com with CC-By 3.0)
> >     + Fontawesome fonts (http://fontawesome.io with SIL Open Font
> license -- which falls into category-b for the ASF for those playing along)
> >
> >
> > *** Binary release:
> >
> > Good:
> > * MD5 and GPG sig are fine
> >
> > Other:
> > * I'm not sure how to handle the L&N for the tarball itself (since they
> just contain JARs which are in themselves a "binary release"). e.g. should
> the top-level L&N files contain the aggregate L&N for all JARs in the
> binary tarball?
> >
> > Bad:
> > * SHA1 is again garbled (I computed
> 817b68246f8d9c9fc5317660ad1021752996d1f1)
> >
> > NOTICE problems (tarball):
> >  - Wrong Apache Phoenix copyright (2014, not 20XX-2016)
> >  - Completely different sqlline copyright/license notice than in source
> release! Which one is correct?? Also, license information belongs in
> LICENSE, not in NOTICE.
> >  - I would strongly bet that Apache Hadoop and HBase both have
> information in their NOTICE files which requires propagation (e.g. things
> other than "Copyright ASF" which is not required).
> >
> > LICENSE problems (tarball):
> >  - See all of the same issues from the LICENSE problems in the
> source-release.
> >
> > For phoenix-client.jar:
> >  - Multiple LICENSE files lying around but nothing which seems accurate
> for the binary artifact being released -- this information should be
> self-contained in one file (commonly META-INF/{LICENSE,NOTICE}).
> >  - Not going to enumerate all of the issues, but I see there is at least
> one issue in HSQLDB as it's BSD license and not included in LICENSE. I'm
> guessing this is missing tons of necessary entries.
> >
> > For phoenix-tracing-webapp-4.8.0-HBase-1.2-runnable.jar:
> >  - Absolutely no mention of the bundled javascript libraries as outlined
> in the source-release.
> >  - (A hunch) missing a necessary entry for UnixCrypt per
> https://github.com/eclipse/jetty.project/blob/jetty-8.1.16.v20140903/NOTICE.txt.
> There's no git tag for the 8.1.7 version we use.
> >
> > For now, I'm going to omit going through the rest, but I have lots of
> fear over the other shaded jars being similarly inadequate.
> >
> > - Josh
> >
> > Ankit Singhal wrote:
> >> Hello Everyone,
> >>
> >> This is a call for a vote on Apache Phoenix 4.8.0-HBase-1.2 RC0. This is
> >> the next minor release of Phoenix 4, compatible with Apache HBase 1.2.
> >> The release includes both a source-only release and a convenience binary
> >> release.
> >>
> >> This release has feature parity with our other pending 4.8.0 releases
> and
> >> includes the following improvements:
> >> - Local Index improvements[1]
> >> - Phoenix hive integration[2]
> >> - Namespace mapping support[3]
> >> - Many VIEW enhancements[4]
> >> - Offset support for paging queries[5]
> >> - 100+ Bugs resolved[6]
> >> - Many performance enhancements(related to StatsCache, distinct, Serial
> >> query with Stats etc)
> >>
> >> The source tarball, including signatures, digests, etc can be found at:
> >>
> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/src/
> >>
> >> The binary artifacts can be found at:
> >>
> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/bin/
> >>
> >> For a complete list of changes, see:
> >> *
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120
> >> <
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120
> >*
> >>
> >> Release artifacts are signed with the following key:
> >> *https://people.apache.org/keys/committer/ankit.asc
> >> <https://people.apache.org/keys/committer/ankit.asc>*
> >>
> >> KEYS file available here:
> >> https://dist.apache.org/repos/dist/dev/phoenix/KEYS
> >>
> >> The hash and tag to be voted upon:
> >> *
> https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138
> >> <
> https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138
> >*
> >>
> https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=tag;h=refs/tags/v4.8.0-HBase-1.2-rc0
> >>
> >> Vote will be open until at least, Mon, Jul 18th @ 5pm PST. Please vote:
> >>
> >> [ ] +1 approve
> >> [ ] +0 no opinion
> >> [ ] -1 disapprove (and reason why)
> >>
> >> Thanks,
> >> The Apache Phoenix Team
> >>
> >> [1] https://issues.apache.org/jira/browse/PHOENIX-1734
> >> [2] https://issues.apache.org/jira/browse/PHOENIX-2743
> >> [3] https://issues.apache.org/jira/browse/PHOENIX-1311
> >> [4] https://issues.apache.org/jira/browse/PHOENIX-1508
> >> [5] https://issues.apache.org/jira/browse/PHOENIX-2722
> >> [6] *https://issues.apache.org/jira/browse/filter=12337975#
> >> <https://issues.apache.org/jira/browse/filter=12337975#>*
> >>
>

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by Ankit Singhal <an...@gmail.com>.
Canceling this RC, will come up with a new RC once LICENSE and NOTICE
issues (PHOENIX-3091) are resolved.

On Tue, Jul 19, 2016 at 11:38 AM, James Taylor <ja...@apache.org>
wrote:

> Switching my vote to -1. Our releases need to conform to ASF policy.
>
> Besides the stuff that Josh is already doing (thanks so much, Josh), my
> recommendation would be to:
> - cancel the vote on the current release. Ankit - as RM would you mind
> doing that?
> - remove the trace UI module from both the source and binary releases as
> it's the cause of the majority of issues.
> - don't tackle the automation issue yet as we need to get 4.8.0 out ASAP -
> it's late as it is.
>
> Thanks,
> James
>
> On Tue, Jul 19, 2016 at 1:47 AM, Andrew Purtell <ap...@apache.org>
> wrote:
>
> > Option #2 looks ok but I think implied it is source release only, right?
> >
> > Option #3 is the full solution so that's fine.
> >
> > On Mon, Jul 18, 2016 at 4:46 PM, Andrew Purtell <ap...@apache.org>
> > wrote:
> >
> > > Carrying this over from the discussion.
> > >
> > > -1 (binding)
> > >
> > > Option 1 isn't viable. Getting IP right in a release is fundamental.
> > >
> > >
> > > On Mon, Jul 18, 2016 at 11:43 AM, Josh Elser <jo...@gmail.com>
> > wrote:
> > >
> > >> Sean Busbey wrote:
> > >>
> > >>> On Mon, Jul 18, 2016 at 12:05 PM, Ankit Singhal
> > >>> <an...@gmail.com>  wrote:
> > >>>
> > >>>> Now we have three options to go forward with 4.8 release (or whether
> > to
> > >>>> include licenses and notices for the dependency used now or later):-
> > >>>>
> > >>>> *Option 1:- Go with this RC0 for 4.8 release.*
> > >>>>         -- As the build is functionally good and stable.
> > >>>>         -- It has been delayed already and there are some project
> > which
> > >>>> are
> > >>>> relying on this(as 4.8 works with HBase 1.2)
> > >>>>         -- We have been releasing like this from past few releases.
> > >>>>         -- RC has binding votes required for go head.
> > >>>>         -- Fix license and notice issue in future releases.
> > >>>>
> > >>>
> > >>>
> > >>> I would *strongly* recommend the PMC not take Option 1's course of
> > >>> action. ASF policy on necessary licensing work is very clear.
> > >>> Additionally, if the current LICENSE/NOTICE work is sufficiently
> > >>> inaccurate that it fails to meet the licensing requirements of
> bundled
> > >>> works then the PMC will have moved from accidental nonconformance in
> > >>> prior releases to knowingly violating the licenses of those works in
> > >>> this release. Reading the JIRAs that Josh was helpful enough to file,
> > >>> it sounds like the current artifacts would in fact violate the
> > >>> licenses of bundled works.
> > >>>
> > >>
> > >> In case my opinions weren't already brutally clear: the issue is not
> the
> > >> functionality of the software "Apache Phoenix". This issue is that
> this
> > >> release candidate clearly violates ASF policy. Quite certainly option
> > one
> > >> would result in escalation to the board -- I don't know how that will
> > play
> > >> out. It's not meant to be a threat, either, but a reality. This is one
> > of
> > >> the core responsibilities of the PMC. There really isn't any wiggle
> > room.
> > >>
> > >> I can start knocking out the issues I created -- I really don't think
> > >> this will take more than a day or two for the source release and the
> > binary
> > >> artifact.
> > >>
> > >
> > >
> > >
> > > --
> > > Best regards,
> > >
> > >    - Andy
> > >
> > > Problems worthy of attack prove their worth by hitting back. - Piet
> Hein
> > > (via Tom White)
> > >
> >
> >
> >
> > --
> > Best regards,
> >
> >    - Andy
> >
> > Problems worthy of attack prove their worth by hitting back. - Piet Hein
> > (via Tom White)
> >
>

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by James Taylor <ja...@apache.org>.
Switching my vote to -1. Our releases need to conform to ASF policy.

Besides the stuff that Josh is already doing (thanks so much, Josh), my
recommendation would be to:
- cancel the vote on the current release. Ankit - as RM would you mind
doing that?
- remove the trace UI module from both the source and binary releases as
it's the cause of the majority of issues.
- don't tackle the automation issue yet as we need to get 4.8.0 out ASAP -
it's late as it is.

Thanks,
James

On Tue, Jul 19, 2016 at 1:47 AM, Andrew Purtell <ap...@apache.org> wrote:

> Option #2 looks ok but I think implied it is source release only, right?
>
> Option #3 is the full solution so that's fine.
>
> On Mon, Jul 18, 2016 at 4:46 PM, Andrew Purtell <ap...@apache.org>
> wrote:
>
> > Carrying this over from the discussion.
> >
> > -1 (binding)
> >
> > Option 1 isn't viable. Getting IP right in a release is fundamental.
> >
> >
> > On Mon, Jul 18, 2016 at 11:43 AM, Josh Elser <jo...@gmail.com>
> wrote:
> >
> >> Sean Busbey wrote:
> >>
> >>> On Mon, Jul 18, 2016 at 12:05 PM, Ankit Singhal
> >>> <an...@gmail.com>  wrote:
> >>>
> >>>> Now we have three options to go forward with 4.8 release (or whether
> to
> >>>> include licenses and notices for the dependency used now or later):-
> >>>>
> >>>> *Option 1:- Go with this RC0 for 4.8 release.*
> >>>>         -- As the build is functionally good and stable.
> >>>>         -- It has been delayed already and there are some project
> which
> >>>> are
> >>>> relying on this(as 4.8 works with HBase 1.2)
> >>>>         -- We have been releasing like this from past few releases.
> >>>>         -- RC has binding votes required for go head.
> >>>>         -- Fix license and notice issue in future releases.
> >>>>
> >>>
> >>>
> >>> I would *strongly* recommend the PMC not take Option 1's course of
> >>> action. ASF policy on necessary licensing work is very clear.
> >>> Additionally, if the current LICENSE/NOTICE work is sufficiently
> >>> inaccurate that it fails to meet the licensing requirements of bundled
> >>> works then the PMC will have moved from accidental nonconformance in
> >>> prior releases to knowingly violating the licenses of those works in
> >>> this release. Reading the JIRAs that Josh was helpful enough to file,
> >>> it sounds like the current artifacts would in fact violate the
> >>> licenses of bundled works.
> >>>
> >>
> >> In case my opinions weren't already brutally clear: the issue is not the
> >> functionality of the software "Apache Phoenix". This issue is that this
> >> release candidate clearly violates ASF policy. Quite certainly option
> one
> >> would result in escalation to the board -- I don't know how that will
> play
> >> out. It's not meant to be a threat, either, but a reality. This is one
> of
> >> the core responsibilities of the PMC. There really isn't any wiggle
> room.
> >>
> >> I can start knocking out the issues I created -- I really don't think
> >> this will take more than a day or two for the source release and the
> binary
> >> artifact.
> >>
> >
> >
> >
> > --
> > Best regards,
> >
> >    - Andy
> >
> > Problems worthy of attack prove their worth by hitting back. - Piet Hein
> > (via Tom White)
> >
>
>
>
> --
> Best regards,
>
>    - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet Hein
> (via Tom White)
>

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by Andrew Purtell <ap...@apache.org>.
Option #2 looks ok but I think implied it is source release only, right?

Option #3 is the full solution so that's fine.

On Mon, Jul 18, 2016 at 4:46 PM, Andrew Purtell <ap...@apache.org> wrote:

> Carrying this over from the discussion.
>
> -1 (binding)
>
> Option 1 isn't viable. Getting IP right in a release is fundamental.
>
>
> On Mon, Jul 18, 2016 at 11:43 AM, Josh Elser <jo...@gmail.com> wrote:
>
>> Sean Busbey wrote:
>>
>>> On Mon, Jul 18, 2016 at 12:05 PM, Ankit Singhal
>>> <an...@gmail.com>  wrote:
>>>
>>>> Now we have three options to go forward with 4.8 release (or whether to
>>>> include licenses and notices for the dependency used now or later):-
>>>>
>>>> *Option 1:- Go with this RC0 for 4.8 release.*
>>>>         -- As the build is functionally good and stable.
>>>>         -- It has been delayed already and there are some project which
>>>> are
>>>> relying on this(as 4.8 works with HBase 1.2)
>>>>         -- We have been releasing like this from past few releases.
>>>>         -- RC has binding votes required for go head.
>>>>         -- Fix license and notice issue in future releases.
>>>>
>>>
>>>
>>> I would *strongly* recommend the PMC not take Option 1's course of
>>> action. ASF policy on necessary licensing work is very clear.
>>> Additionally, if the current LICENSE/NOTICE work is sufficiently
>>> inaccurate that it fails to meet the licensing requirements of bundled
>>> works then the PMC will have moved from accidental nonconformance in
>>> prior releases to knowingly violating the licenses of those works in
>>> this release. Reading the JIRAs that Josh was helpful enough to file,
>>> it sounds like the current artifacts would in fact violate the
>>> licenses of bundled works.
>>>
>>
>> In case my opinions weren't already brutally clear: the issue is not the
>> functionality of the software "Apache Phoenix". This issue is that this
>> release candidate clearly violates ASF policy. Quite certainly option one
>> would result in escalation to the board -- I don't know how that will play
>> out. It's not meant to be a threat, either, but a reality. This is one of
>> the core responsibilities of the PMC. There really isn't any wiggle room.
>>
>> I can start knocking out the issues I created -- I really don't think
>> this will take more than a day or two for the source release and the binary
>> artifact.
>>
>
>
>
> --
> Best regards,
>
>    - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet Hein
> (via Tom White)
>



-- 
Best regards,

   - Andy

Problems worthy of attack prove their worth by hitting back. - Piet Hein
(via Tom White)

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by Andrew Purtell <ap...@apache.org>.
Carrying this over from the discussion.

-1 (binding)

Option 1 isn't viable. Getting IP right in a release is fundamental.


On Mon, Jul 18, 2016 at 11:43 AM, Josh Elser <jo...@gmail.com> wrote:

> Sean Busbey wrote:
>
>> On Mon, Jul 18, 2016 at 12:05 PM, Ankit Singhal
>> <an...@gmail.com>  wrote:
>>
>>> Now we have three options to go forward with 4.8 release (or whether to
>>> include licenses and notices for the dependency used now or later):-
>>>
>>> *Option 1:- Go with this RC0 for 4.8 release.*
>>>         -- As the build is functionally good and stable.
>>>         -- It has been delayed already and there are some project which
>>> are
>>> relying on this(as 4.8 works with HBase 1.2)
>>>         -- We have been releasing like this from past few releases.
>>>         -- RC has binding votes required for go head.
>>>         -- Fix license and notice issue in future releases.
>>>
>>
>>
>> I would *strongly* recommend the PMC not take Option 1's course of
>> action. ASF policy on necessary licensing work is very clear.
>> Additionally, if the current LICENSE/NOTICE work is sufficiently
>> inaccurate that it fails to meet the licensing requirements of bundled
>> works then the PMC will have moved from accidental nonconformance in
>> prior releases to knowingly violating the licenses of those works in
>> this release. Reading the JIRAs that Josh was helpful enough to file,
>> it sounds like the current artifacts would in fact violate the
>> licenses of bundled works.
>>
>
> In case my opinions weren't already brutally clear: the issue is not the
> functionality of the software "Apache Phoenix". This issue is that this
> release candidate clearly violates ASF policy. Quite certainly option one
> would result in escalation to the board -- I don't know how that will play
> out. It's not meant to be a threat, either, but a reality. This is one of
> the core responsibilities of the PMC. There really isn't any wiggle room.
>
> I can start knocking out the issues I created -- I really don't think this
> will take more than a day or two for the source release and the binary
> artifact.
>



-- 
Best regards,

   - Andy

Problems worthy of attack prove their worth by hitting back. - Piet Hein
(via Tom White)

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by Josh Elser <jo...@gmail.com>.
Sean Busbey wrote:
> On Mon, Jul 18, 2016 at 12:05 PM, Ankit Singhal
> <an...@gmail.com>  wrote:
>> Now we have three options to go forward with 4.8 release (or whether to
>> include licenses and notices for the dependency used now or later):-
>>
>> *Option 1:- Go with this RC0 for 4.8 release.*
>>         -- As the build is functionally good and stable.
>>         -- It has been delayed already and there are some projects which are
>> relying on this (as 4.8 works with HBase 1.2)
>>         -- We have been releasing like this for the past few releases.
>>         -- RC has binding votes required to go ahead.
>>         -- Fix license and notice issues in future releases.
>
>
> I would *strongly* recommend the PMC not take Option 1's course of
> action. ASF policy on necessary licensing work is very clear.
> Additionally, if the current LICENSE/NOTICE work is sufficiently
> inaccurate that it fails to meet the licensing requirements of bundled
> works then the PMC will have moved from accidental nonconformance in
> prior releases to knowingly violating the licenses of those works in
> this release. Reading the JIRAs that Josh was helpful enough to file,
> it sounds like the current artifacts would in fact violate the
> licenses of bundled works.

In case my opinions weren't already brutally clear: the issue is not the 
functionality of the software "Apache Phoenix". This issue is that this 
release candidate clearly violates ASF policy. Quite certainly option 
one would result in escalation to the board -- I don't know how that 
will play out. It's not meant to be a threat, either, but a reality. 
This is one of the core responsibilities of the PMC. There really isn't 
any wiggle room.

I can start knocking out the issues I created -- I really don't think 
this will take more than a day or two for the source release and the 
binary artifact.

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by Sean Busbey <bu...@cloudera.com>.
On Mon, Jul 18, 2016 at 12:05 PM, Ankit Singhal
<an...@gmail.com> wrote:
> Now we have three options to go forward with 4.8 release (or whether to
> include licenses and notices for the dependency used now or later):-
>
> *Option 1:- Go with this RC0 for 4.8 release.*
>        -- As the build is functionally good and stable.
>        -- It has been delayed already and there are some projects which are
> relying on this (as 4.8 works with HBase 1.2)
>        -- We have been releasing like this for the past few releases.
>        -- RC has binding votes required to go ahead.
>        -- Fix license and notice issues in future releases.


I would *strongly* recommend the PMC not take Option 1's course of
action. ASF policy on necessary licensing work is very clear.
Additionally, if the current LICENSE/NOTICE work is sufficiently
inaccurate that it fails to meet the licensing requirements of bundled
works then the PMC will have moved from accidental nonconformance in
prior releases to knowingly violating the licenses of those works in
this release. Reading the JIRAs that Josh was helpful enough to file,
it sounds like the current artifacts would in fact violate the
licenses of bundled works.


-- 
busbey

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by Josh Elser <jo...@gmail.com>.
Ankit Singhal wrote:
> @Josh, bq.   Bad:
>        * SHA1 xsum is wrong. It looks like complete nonsense to me, but I
> can't find the appropriate xsum in that file (which was
>   64208164580f3467cd2c8b51c0d9f8ac37f0c671)
> ---- In Phoenix, we don't use SHA1, SHA files have only SHA-512 and
> SHA-256 hashes, so you can use shasum to validate them.

Thanks for the clarification, Ankit. I was confused that there were 
multiple lines in the file. It would be nice to be clear in the release 
vote email what checksums are being provided so that users can verify 
them. If there are official docs on how the release emails are created 
(a template somewhere), I'm happy to update that.
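
Added example, not part of the thread or of the Phoenix release tooling: a Python check for the confusion discussed above, where a locally computed SHA1 cannot be found in a multi-line .sha file that carries only SHA-512 and SHA-256 digests. The two file layouts it parses, the sample artifact bytes and the file name are assumptions constructed for the example.

```python
import hashlib
import re

# Hex digest length -> hashlib algorithm name.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

_HEX_GROUPS = re.compile(r"^[0-9A-Fa-f\s]+$")
_SHASUM_LINE = re.compile(r"^([0-9A-Fa-f]{32,128})\s+\*?\S+")


def local_digest(data, algo):
    """Hex digest of the artifact bytes under the named algorithm."""
    return hashlib.new(algo, data).hexdigest()


def parse_digest_file(text):
    """Return {algorithm: lowercase hex digest} for every digest in the file.

    Two layouts are handled (assumed, the thread does not show the file):
      * "name: AAAA BBBB ..." with hex groups wrapped over several lines
      * "hexdigest  name", one digest per line, as shasum prints
    The algorithm is inferred from the digest length.
    """
    entries, current = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        shasum = _SHASUM_LINE.match(line)
        _, sep, rest = line.partition(":")
        if shasum:
            entries.append([shasum.group(1)])
            current = None
        elif sep and rest.strip() and _HEX_GROUPS.match(rest):
            current = [rest]            # first line of a wrapped digest
            entries.append(current)
        elif current is not None and _HEX_GROUPS.match(line):
            current.append(line)        # continuation of a wrapped digest
        else:
            current = None              # unrelated text ends the entry
    published = {}
    for parts in entries:
        hexd = "".join("".join(parts).split()).lower()
        algo = ALGO_BY_HEX_LEN.get(len(hexd))
        if algo:
            published[algo] = hexd
    return published


def verify_artifact(data, digest_text):
    """Check the artifact against every digest the file publishes."""
    published = parse_digest_file(digest_text)
    return {algo: local_digest(data, algo) == hexd
            for algo, hexd in published.items()}


def diagnose(computed_hex, digest_text):
    """Say why a locally computed digest is or is not in the file."""
    computed_hex = computed_hex.lower()
    algo = ALGO_BY_HEX_LEN.get(len(computed_hex), "unknown")
    published = parse_digest_file(digest_text)
    if algo not in published:
        carried = ", ".join(sorted(published))
        return f"no {algo} digest published; file carries: {carried}"
    if published[algo] == computed_hex:
        return f"{algo} digest matches"
    return f"{algo} digest MISMATCH"


def _wrapped_entry(name, algo, data):
    """Build one 'name: GROUPS' entry, eight 8-char groups per line."""
    hexd = local_digest(data, algo).upper()
    groups = [hexd[i:i + 8] for i in range(0, len(hexd), 8)]
    lines = [" ".join(groups[i:i + 8]) for i in range(0, len(groups), 8)]
    return f"{name}: " + ("\n" + " " * (len(name) + 2)).join(lines)


# Constructed sample input: stand-in bytes and a two-digest checksum file.
SAMPLE_DATA = b"constructed stand-in for a release tarball\n"
SAMPLE_NAME = "example-src.tar.gz"
SAMPLE_SHA_FILE = "\n".join([
    _wrapped_entry(SAMPLE_NAME, "sha512", SAMPLE_DATA),
    _wrapped_entry(SAMPLE_NAME, "sha256", SAMPLE_DATA),
]) + "\n"

if __name__ == "__main__":
    print(verify_artifact(SAMPLE_DATA, SAMPLE_SHA_FILE))
    print(diagnose(local_digest(SAMPLE_DATA, "sha1"), SAMPLE_SHA_FILE))
```
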

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by Ankit Singhal <an...@gmail.com>.
@Josh, bq.   Bad:
      * SHA1 xsum is wrong. It looks like complete nonsense to me, but I
can't find the appropriate xsum in that file (which was
 64208164580f3467cd2c8b51c0d9f8ac37f0c671)
---- In Phoenix, we don't use SHA1, SHA files have only SHA-512 and
SHA-256 hashes, so you can use shasum to validate them.

Now we have three options to go forward with 4.8 release (or whether to
include licenses and notices for the dependency used now or later):-

*Option 1:- Go with this RC0 for 4.8 release.*
       -- As the build is functionally good and stable.
       -- It has been delayed already and there are some projects which are
relying on this (as 4.8 works with HBase 1.2)
       -- We have been releasing like this for the past few releases.
       -- RC has binding votes required to go ahead.
       -- Fix license and notice issues in future releases.

*Option 2:- If necessary, quick fix only the major issues with licenses
for now and do RC1.*
       --  like removing tracing app from distribution
       --  Do the rat-check thoroughly, remove exclusions if there are any and
fix the reported issues.
       --  Use License headers for all files (including JS and properties)
       --  Suffix with artifact name with "*apache*"-(<project_name>-$version.tar.gz)
       --  etc.

*Option 3:- Wait to fix all the LICENSE and NOTICE issues *
         -- I ported the great work done by Sean (for HBase on HBASE-14085
<https://issues.apache.org/jira/browse/HBASE-14085> ) into Phoenix. Need to
add more licenses(for direct and transitive dependencies) as supplement in
supplement-model.xml but  resolving all may take time as experienced by
people worked on it already
         -- Top to bottom analysis of licenses and notice for dependencies
with some review cycles.
         -- Delay release till ported automation discussed above is in
place.

Regards,
Ankit Singhal



I tried porting the great work done by Sean on HBASE-14085
<https://issues.apache.org/jira/browse/HBASE-14085> to fix LICENSE and
NOTICE issue in Phoenix but there are many dependencies (direct or
transitive) which require proper licensing details to be added


On Mon, Jul 18, 2016 at 8:31 PM, Josh Elser <jo...@gmail.com> wrote:

> Filed https://issues.apache.org/jira/browse/PHOENIX-3084 for the source
> release and https://issues.apache.org/jira/browse/PHOENIX-3091 for the
> binary release.
>
> I tried to give a general overview on what needs to happen in the parent
> issue. I am also happy to help fix this, explain in greater details why
> it's presently wrong, and/or help others understand how to fix it
> themselves.
>
>
> Sean Busbey wrote:
>
>> Ooof. it's always rough when this stuff gets out of sync. FWIW, as a
>> non-binding community participant, I'd label this stuff a blocker on
>> further releases. It's too easy to let it slip and is one of the few
>> mandatory responsibilities we get from the board as a project.
>>
>> In my prior experience, the key to avoiding this being a months-long
>> release dry spell (as happened to HBase, Hadoop, and Avro) is managing
>> to parallelize the work of getting things resolved. It also helps to
>> get an idea of what the PMC considers must-do for compliance and what
>> they consider nice-to-have. For some that has been automation and
>> correct marking on an artifact-by-artifact basis (the strictest
>> interpretation of the asf policy), for others it has been something
>> manual that's sufficient to meet the requirements of all upstream
>> licenses (the loosest interpretation of the asf policy).
>>
>> Perhaps a [DISCUSS] thread in parallel to Josh filing JIRAs would be
>> helpful? Right now it looks like all but the Apache Phoenix
>> 4.8.0-HBase-1.1 RC have sufficient votes to pass, so the separate
>> thread might help get better PMC attention to the issue.
>>
>> On Sun, Jul 17, 2016 at 2:42 PM, Andrew Purtell
>> <an...@gmail.com>  wrote:
>>
>>> A partial prescription:
>>>
>>> - Looks like no updates to LICENSE or NOTICE were done when the trace
>>> app GSoC project was merged, hence the issues with bootstrap and other
>>> bundled JavaScript. Time to do a top to bottom review?
>>>
>>> - Prune RAT exclusions to the minimum and fix reported issues.
>>>
>>> - Over on HBase we also faced a big divergence in what is included in
>>> source and binary convenience artifacts, due to the ton of extra deps that
>>> come with upstream binaries and runtime concerns like embedded UIs. We
>>> fixed this through maven based automated assembly of binary LICENSE and
>>> NOTICE files using templates and velocity macros. Sean Busbey did the
>>> lion's share of the work. Refer to
>>> https://issues.apache.org/jira/browse/HBASE-14085 . It was a
>>> significant effort.
>>>
>>>
>>>
>>> On Jul 17, 2016, at 10:53 AM, Josh Elser<el...@apache.org>  wrote:
>>>>
>>>> -1 (non-binding) from me with my Phoenix hat on (avoiding putting on
>>>> the ASF member hat for now). Lots of wrong licensing stuff in here --
>>>> as-in, this should very definitely not go out as a release. I hope the
>>>> Phoenix PMC steps up to -1 this release on their own.
>>>>
>>>> *** Source release:
>>>>
>>>> Good:
>>>> * MD5 and GPG sig is fine
>>>> * KEYS is good
>>>> * Did not find any binary files
>>>> * Was able to build the source code
>>>>
>>>> Bad:
>>>> * SHA1 xsum is wrong. It looks like complete nonsense to me, but I
>>>> can't find the appropriate xsum in that file (which was
>>>> 64208164580f3467cd2c8b51c0d9f8ac37f0c671)
>>>> * Lots of "Copyright ASF" in Java source files which should not be
>>>> there.
>>>> * No license headers on any Apache Phoenix JS files. Looks like these
>>>> are completely ignored by the apache-rat check which is very bad.
>>>>   - All properties files are ignored. They can and should have license
>>>> headers (./phoenix-pherf/src/test/resources/pherf.test.properties is
>>>> missing headers now, and is just garbled)
>>>> * Would be good to have the artifact name be
>>>> "apache-phoenix-$version.tar.gz" as that's the project's proper name.
>>>>
>>>> * NOTICE problems
>>>>   - No Apache Phoenix copyright (should be 20XX-2016)
>>>>   - Source release does not include HBase, Hadoop, or Commons, does it?
>>>> Do we have copied code from these projects in Phoenix source?
>>>>   - JUnit, SLF4j, JLine, and Antlr are not included in the source
>>>> release, they do not belong here.
>>>>   - Sqlline entry has the wrong website and doesn't belong in NOTICE
>>>> (should go in LICENSE)
>>>>
>>>> * LICENSE problems
>>>>   - ENTIRELY NO MENTION of tons of libraries:
>>>>      + Bootstrap (Twitter with MIT license)
>>>>      + JQuery (JQuery Foundation with MIT license)
>>>>      + AngularJS and Angular-Mocks 1.3.15 (Google, inc. with  MIT
>>>> license)
>>>>      + Angular-Routes 1.3.8 (Google, inc with MIT license)
>>>>      + Google Chart Api Directive Module for AngularJS (Nicolas
>>>> Bouillon with MIT)
>>>>      + angular-ui-bootstrap (http://angular-ui.github.io/bootstrap/
>>>> with MIT)
>>>>      + Sqlline (Marc Prud'hommeaux with BSD)
>>>>      + Glyphicons (http://glyphicons.com with CC-By 3.0)
>>>>      + Fontawesome fonts (http://fontawesome.io with SIL Open Font
>>>> license -- which falls into category-b for the ASF for those playing along)
>>>>
>>>>
>>>> *** Binary release:
>>>>
>>>> Good:
>>>> * MD5 and GPG sig are fine
>>>>
>>>> Other:
>>>> * I'm not sure how to handle the L&N for the tarball itself (since they
>>>> just contain JARs which are in themselves a "binary release"). e.g. should
>>>> the top-level L&N files contain the aggregate L&N for all JARs in the
>>>> binary tarball?
>>>>
>>>> Bad:
>>>> * SHA1 is again garbled (I computed
>>>> 817b68246f8d9c9fc5317660ad1021752996d1f1)
>>>>
>>>> NOTICE problems (tarball):
>>>>   - Wrong Apache Phoenix copyright (2014, not 20XX-2016)
>>>>   - Completely different sqlline copyright/license notice than in
>>>> source release! Which one is correct?? Also, license information belongs in
>>>> LICENSE, not in NOTICE.
>>>>   - I would strongly bet that Apache Hadoop and HBase both have
>>>> information in their NOTICE files which requires propagation (e.g. things
>>>> other than "Copyright ASF" which is not required).
>>>>
>>>> LICENSE problems (tarball):
>>>>   - See all of the same issues from the LICENSE problems in the
>>>> source-release.
>>>>
>>>> For phoenix-client.jar:
>>>>   - Multiple LICENSE files lying around but nothing which seems
>>>> accurate for the binary artifact being released -- this information should
>>>> be self-contained in one file (commonly META-INF/{LICENSE,NOTICE}).
>>>>   - Not going to enumerate all of the issues, but I see there is at
>>>> least one issue in HSQLDB as it's BSD license and not included in LICENSE.
>>>> I'm guessing this is missing tons of necessary entries.
>>>>
>>>> For phoenix-tracing-webapp-4.8.0-HBase-1.2-runnable.jar:
>>>>   - Absolutely no mention of the bundled javascript libraries as
>>>> outlined in the source-release.
>>>>   - (A hunch) missing a necessary entry for UnixCrypt per
>>>> https://github.com/eclipse/jetty.project/blob/jetty-8.1.16.v20140903/NOTICE.txt.
>>>> There's no git tag for the 8.1.7 version we use.
>>>>
>>>> For now, I'm going to omit going through the rest, but I have lots of
>>>> fear over the other shaded jars being similarly inadequate.
>>>>
>>>> - Josh
>>>>
>>>> Ankit Singhal wrote:
>>>>
>>>>> Hello Everyone,
>>>>>
>>>>> This is a call for a vote on Apache Phoenix 4.8.0-HBase-1.2 RC0. This
>>>>> is
>>>>> the next minor release of Phoenix 4, compatible with Apache HBase 1.2.
>>>>> The release includes both a source-only release and a convenience
>>>>> binary
>>>>> release.
>>>>>
>>>>> This release has feature parity with our other pending 4.8.0 releases
>>>>> and
>>>>> includes the following improvements:
>>>>> - Local Index improvements[1]
>>>>> - Phoenix hive integration[2]
>>>>> - Namespace mapping support[3]
>>>>> - Many VIEW enhancements[4]
>>>>> - Offset support for paging queries[5]
>>>>> - 100+ Bugs resolved[6]
>>>>> - Many performance enhancements(related to StatsCache, distinct, Serial
>>>>> query with Stats etc)
>>>>>
>>>>> The source tarball, including signatures, digests, etc can be found at:
>>>>>
>>>>> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/src/
>>>>>
>>>>> The binary artifacts can be found at:
>>>>>
>>>>> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/bin/
>>>>>
>>>>> For a complete list of changes, see:
>>>>> *
>>>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120
>>>>> <
>>>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120
>>>>> >*
>>>>>
>>>>> Release artifacts are signed with the following key:
>>>>> *https://people.apache.org/keys/committer/ankit.asc
>>>>> <https://people.apache.org/keys/committer/ankit.asc>*
>>>>>
>>>>> KEYS file available here:
>>>>> https://dist.apache.org/repos/dist/dev/phoenix/KEYS
>>>>>
>>>>> The hash and tag to be voted upon:
>>>>> *
>>>>> https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138
>>>>> <
>>>>> https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138
>>>>> >*
>>>>>
>>>>> https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=tag;h=refs/tags/v4.8.0-HBase-1.2-rc0
>>>>>
>>>>> Vote will be open until at least, Mon, Jul 18th @ 5pm PST. Please vote:
>>>>>
>>>>> [ ] +1 approve
>>>>> [ ] +0 no opinion
>>>>> [ ] -1 disapprove (and reason why)
>>>>>
>>>>> Thanks,
>>>>> The Apache Phoenix Team
>>>>>
>>>>> [1] https://issues.apache.org/jira/browse/PHOENIX-1734
>>>>> [2] https://issues.apache.org/jira/browse/PHOENIX-2743
>>>>> [3] https://issues.apache.org/jira/browse/PHOENIX-1311
>>>>> [4] https://issues.apache.org/jira/browse/PHOENIX-1508
>>>>> [5] https://issues.apache.org/jira/browse/PHOENIX-2722
>>>>> [6] *https://issues.apache.org/jira/browse/filter=12337975#
>>>>> <https://issues.apache.org/jira/browse/filter=12337975#>*
>>>>>
>>>>>
>>
>>
>>

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by Josh Elser <jo...@gmail.com>.
Filed https://issues.apache.org/jira/browse/PHOENIX-3084 for the source 
release and https://issues.apache.org/jira/browse/PHOENIX-3091 for the 
binary release.

I tried to give a general overview on what needs to happen in the parent 
issue. I am also happy to help fix this, explain in greater details why 
it's presently wrong, and/or help others understand how to fix it 
themselves.

Sean Busbey wrote:
> Ooof. it's always rough when this stuff gets out of sync. FWIW, as a
> non-binding community participant, I'd label this stuff a blocker on
> further releases. It's too easy to let it slip and is one of the few
> mandatory responsibilities we get from the board as a project.
>
> In my prior experience, the key to avoiding this being a months-long
> release dry spell (as happened to HBase, Hadoop, and Avro) is managing
> to parallelize the work of getting things resolved. It also helps to
> get an idea of what the PMC considers must-do for compliance and what
> they consider nice-to-have. For some that has been automation and
> correct marking on an artifact-by-artifact basis (the strictest
> interpretation of the asf policy), for others it has been something
> manual that's sufficient to meet the requirements of all upstream
> licenses (the loosest interpretation of the asf policy).
>
> Perhaps a [DISCUSS] thread in parallel to Josh filing JIRAs would be
> helpful? Right now it looks like all but the Apache Phoenix
> 4.8.0-HBase-1.1 RC have sufficient votes to pass, so the separate
> thread might help get better PMC attention to the issue.
>
> On Sun, Jul 17, 2016 at 2:42 PM, Andrew Purtell
> <an...@gmail.com>  wrote:
>> A partial prescription:
>>
>> - Looks like no updates to LICENSE or NOTICE were done when the trace app GSoC project was merged, hence the issues with bootstrap and other bundled JavaScript. Time to do a top to bottom review?
>>
>> - Prune RAT exclusions to the minimum and fix reported issues.
>>
>> - Over on HBase we also faced a big divergence in what is included in source and binary convenience artifacts, due to the ton of extra deps that come with upstream binaries and runtime concerns like embedded UIs. We fixed this through maven based automated assembly of binary LICENSE and NOTICE files using templates and velocity macros. Sean Busbey did the lion's share of the work. Refer to https://issues.apache.org/jira/browse/HBASE-14085 . It was a significant effort.
>>
>>
>>
>>> On Jul 17, 2016, at 10:53 AM, Josh Elser<el...@apache.org>  wrote:
>>>
>>> -1 (non-binding) from me with my Phoenix hat on (avoiding putting on the ASF member hat for now). Lots of wrong licensing stuff in here -- as-in, this should very definitely not go out as a release. I hope the Phoenix PMC steps up to -1 this release on their own.
>>>
>>> *** Source release:
>>>
>>> Good:
>>> * MD5 and GPG sig is fine
>>> * KEYS is good
>>> * Did not find any binary files
>>> * Was able to build the source code
>>>
>>> Bad:
>>> * SHA1 xsum is wrong. It looks like complete nonsense to me, but I can't find the appropriate xsum in that file (which was 64208164580f3467cd2c8b51c0d9f8ac37f0c671)
>>> * Lots of "Copyright ASF" in Java source files which should not be there.
>>> * No license headers on any Apache Phoenix JS files. Looks like these are completely ignored by the apache-rat check which is very bad.
>>>   - All properties files are ignored. They can and should have license headers (./phoenix-pherf/src/test/resources/pherf.test.properties is missing headers now, and is just garbled)
>>> * Would be good to have the artifact name be "apache-phoenix-$version.tar.gz" as that's the project's proper name.
>>>
>>> * NOTICE problems
>>>   - No Apache Phoenix copyright (should be 20XX-2016)
>>>   - Source release does not include HBase, Hadoop, or Commons, does it? Do we have copied code from these projects in Phoenix source?
>>>   - JUnit, SLF4j, JLine, and Antlr are not included in the source release, they do not belong here.
>>>   - Sqlline entry has the wrong website and doesn't belong in NOTICE (should go in LICENSE)
>>>
>>> * LICENSE problems
>>>   - ENTIRELY NO MENTION of tons of libraries:
>>>      + Bootstrap (Twitter with MIT license)
>>>      + JQuery (JQuery Foundation with MIT license)
>>>      + AngularJS and Angular-Mocks 1.3.15 (Google, inc. with  MIT license)
>>>      + Angular-Routes 1.3.8 (Google, inc with MIT license)
>>>      + Google Chart Api Directive Module for AngularJS (Nicolas Bouillon with MIT)
>>>      + angular-ui-bootstrap (http://angular-ui.github.io/bootstrap/ with MIT)
>>>      + Sqlline (Marc Prud'hommeaux with BSD)
>>>      + Glyphicons (http://glyphicons.com with CC-By 3.0)
>>>      + Fontawesome fonts (http://fontawesome.io with SIL Open Font license -- which falls into category-b for the ASF for those playing along)
>>>
>>>
>>> *** Binary release:
>>>
>>> Good:
>>> * MD5 and GPG sig are fine
>>>
>>> Other:
>>> * I'm not sure how to handle the L&N for the tarball itself (since they just contain JARs which are in themselves a "binary release"). e.g. should the top-level L&N files contain the aggregate L&N for all JARs in the binary tarball?
>>>
>>> Bad:
>>> * SHA1 is again garbled (I computed 817b68246f8d9c9fc5317660ad1021752996d1f1)
>>>
>>> NOTICE problems (tarball):
>>>   - Wrong Apache Phoenix copyright (2014, not 20XX-2016)
>>>   - Completely different sqlline copyright/license notice than in source release! Which one is correct?? Also, license information belongs in LICENSE, not in NOTICE.
>>>   - I would strongly bet that Apache Hadoop and HBase both have information in their NOTICE files which requires propagation (e.g. things other than "Copyright ASF" which is not required).
>>>
>>> LICENSE problems (tarball):
>>>   - See all of the same issues from the LICENSE problems in the source-release.
>>>
>>> For phoenix-client.jar:
>>>   - Multiple LICENSE files lying around but nothing which seems accurate for the binary artifact being released -- this information should be self-contained in one file (commonly META-INF/{LICENSE,NOTICE}).
>>>   - Not going to enumerate all of the issues, but I see there is at least one issue in HSQLDB as it's BSD license and not included in LICENSE. I'm guessing this is missing tons of necessary entries.
>>>
>>> For phoenix-tracing-webapp-4.8.0-HBase-1.2-runnable.jar:
>>>   - Absolutely no mention of the bundled javascript libraries as outlined in the source-release.
>>>   - (A hunch) missing a necessary entry for UnixCrypt per https://github.com/eclipse/jetty.project/blob/jetty-8.1.16.v20140903/NOTICE.txt. There's no git tag for the 8.1.7 version we use.
>>>
>>> For now, I'm going to omit going through the rest, but I have lots of fear over the other shaded jars being similarly inadequate.
>>>
>>> - Josh
>>>
>>> Ankit Singhal wrote:
>>>> Hello Everyone,
>>>>
>>>> This is a call for a vote on Apache Phoenix 4.8.0-HBase-1.2 RC0. This is
>>>> the next minor release of Phoenix 4, compatible with Apache HBase 1.2.
>>>> The release includes both a source-only release and a convenience binary
>>>> release.
>>>>
>>>> This release has feature parity with our other pending 4.8.0 releases and
>>>> includes the following improvements:
>>>> - Local Index improvements[1]
>>>> - Phoenix hive integration[2]
>>>> - Namespace mapping support[3]
>>>> - Many VIEW enhancements[4]
>>>> - Offset support for paging queries[5]
>>>> - 100+ Bugs resolved[6]
>>>> - Many performance enhancements(related to StatsCache, distinct, Serial
>>>> query with Stats etc)
>>>>
>>>> The source tarball, including signatures, digests, etc can be found at:
>>>> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/src/
>>>>
>>>> The binary artifacts can be found at:
>>>> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/bin/
>>>>
>>>> For a complete list of changes, see:
>>>> *https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120
>>>> <https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120>*
>>>>
>>>> Release artifacts are signed with the following key:
>>>> *https://people.apache.org/keys/committer/ankit.asc
>>>> <https://people.apache.org/keys/committer/ankit.asc>*
>>>>
>>>> KEYS file available here:
>>>> https://dist.apache.org/repos/dist/dev/phoenix/KEYS
>>>>
>>>> The hash and tag to be voted upon:
>>>> *https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138
>>>> <https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138>*
>>>> https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=tag;h=refs/tags/v4.8.0-HBase-1.2-rc0
>>>>
>>>> Vote will be open until at least, Mon, Jul 18th @ 5pm PST. Please vote:
>>>>
>>>> [ ] +1 approve
>>>> [ ] +0 no opinion
>>>> [ ] -1 disapprove (and reason why)
>>>>
>>>> Thanks,
>>>> The Apache Phoenix Team
>>>>
>>>> [1] https://issues.apache.org/jira/browse/PHOENIX-1734
>>>> [2] https://issues.apache.org/jira/browse/PHOENIX-2743
>>>> [3] https://issues.apache.org/jira/browse/PHOENIX-1311
>>>> [4] https://issues.apache.org/jira/browse/PHOENIX-1508
>>>> [5] https://issues.apache.org/jira/browse/PHOENIX-2722
>>>> [6] *https://issues.apache.org/jira/browse/filter=12337975#
>>>> <https://issues.apache.org/jira/browse/filter=12337975#>*
>>>>
>
>
>

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by Sean Busbey <bu...@cloudera.com>.
Ooof. it's always rough when this stuff gets out of sync. FWIW, as a
non-binding community participant, I'd label this stuff a blocker on
further releases. It's too easy to let it slip and is one of the few
mandatory responsibilities we get from the board as a project.

In my prior experience, the key to avoiding this being a months-long
release dry spell (as happened to HBase, Hadoop, and Avro) is managing
to parallelize the work of getting things resolved. It also helps to
get an idea of what the PMC considers must-do for compliance and what
they consider nice-to-have. For some that has been automation and
correct marking on an artifact-by-artifact basis (the strictest
interpretation of the asf policy), for others it has been something
manual that's sufficient to meet the requirements of all upstream
licenses (the loosest interpretation of the asf policy).

Perhaps a [DISCUSS] thread in parallel to Josh filing JIRAs would be
helpful? Right now it looks like all but the Apache Phoenix
4.8.0-HBase-1.1 RC have sufficient votes to pass, so the separate
thread might help get better PMC attention to the issue.

On Sun, Jul 17, 2016 at 2:42 PM, Andrew Purtell
<an...@gmail.com> wrote:
> A partial prescription:
>
> - Looks like no updates to LICENSE or NOTICE were done when the trace app GSoC project was merged, hence the issues with bootstrap and other bundled JavaScript. Time to do a top to bottom review?
>
> - Prune RAT exclusions to the minimum and fix reported issues.
>
> - Over on HBase we also faced a big divergence in what is included in source and binary convenience artifacts, due to the ton of extra deps that come with upstream binaries and runtime concerns like embedded UIs. We fixed this through maven based automated assembly of binary LICENSE and NOTICE files using templates and velocity macros. Sean Busbey did the lion's share of the work. Refer to https://issues.apache.org/jira/browse/HBASE-14085 . It was a significant effort.
>
>
>
>> On Jul 17, 2016, at 10:53 AM, Josh Elser <el...@apache.org> wrote:
>>
>> -1 (non-binding) from me with my Phoenix hat on (avoiding putting on the ASF member hat for now). Lots of wrong licensing stuff in here -- as-in, this should very definitely not go out as a release. I hope the Phoenix PMC steps up to -1 this release on their own.
>>
>> *** Source release:
>>
>> Good:
>> * MD5 and GPG sig is fine
>> * KEYS is good
>> * Did not find any binary files
>> * Was able to build the source code
>>
>> Bad:
>> * SHA1 xsum is wrong. It looks like complete nonsense to me, but I can't find the appropriate xsum in that file (which was 64208164580f3467cd2c8b51c0d9f8ac37f0c671)
>> * Lots of "Copyright ASF" in Java source files which should not be there.
>> * No license headers on any Apache Phoenix JS files. Looks like these are completely ignored by the apache-rat check which is very bad.
>>  - All properties files are ignored. They can and should have license headers (./phoenix-pherf/src/test/resources/pherf.test.properties is missing headers now, and is just garbled)
>> * Would be good to have the artifact name be "apache-phoenix-$version.tar.gz" as that's the project's proper name.
>>
>> * NOTICE problems
>>  - No Apache Phoenix copyright (should be 20XX-2016)
>>  - Source release does not include HBase, Hadoop, or Commons, does it? Do we have copied code from these projects in Phoenix source?
>>  - JUnit, SLF4j, JLine, and Antlr are not included in the source release, they do not belong here.
>>  - Sqlline entry has the wrong website and doesn't belong in NOTICE (should go in LICENSE)
>>
>> * LICENSE problems
>>  - ENTIRELY NO MENTION of tons of libraries:
>>     + Bootstrap (Twitter with MIT license)
>>     + JQuery (JQuery Foundation with MIT license)
>>     + AngularJS and Angular-Mocks 1.3.15 (Google, inc. with  MIT license)
>>     + Angular-Routes 1.3.8 (Google, inc with MIT license)
>>     + Google Chart Api Directive Module for AngularJS (Nicolas Bouillon with MIT)
>>     + angular-ui-bootstrap (http://angular-ui.github.io/bootstrap/ with MIT)
>>     + Sqlline (Marc Prud'hommeaux with BSD)
>>     + Glyphicons (http://glyphicons.com with CC-By 3.0)
>>     + Fontawesome fonts (http://fontawesome.io with SIL Open Font license -- which falls into category-b for the ASF for those playing along)
>>
>>
>> *** Binary release:
>>
>> Good:
>> * MD5 and GPG sig are fine
>>
>> Other:
>> * I'm not sure how to handle the L&N for the tarball itself (since they just contain JARs which are in themselves a "binary release"). e.g. should the top-level L&N files contain the aggregate L&N for all JARs in the binary tarball?
>>
>> Bad:
>> * SHA1 is again garbled (I computed 817b68246f8d9c9fc5317660ad1021752996d1f1)
>>
>> NOTICE problems (tarball):
>>  - Wrong Apache Phoenix copyright (2014, not 20XX-2016)
>>  - Completely different sqlline copyright/license notice than in source release! Which one is correct?? Also, license information belongs in LICENSE, not in NOTICE.
>>  - I would strongly bet that Apache Hadoop and HBase both have information in their NOTICE files which requires propagation (e.g. things other than "Copyright ASF" which is not required).
>>
>> LICENSE problems (tarball):
>>  - See all of the same issues from the LICENSE problems in the source-release.
>>
>> For phoenix-client.jar:
>>  - Multiple LICENSE files lying around but nothing which seems accurate for the binary artifact being released -- this information should be self-contained in one file (commonly META-INF/{LICENSE,NOTICE}).
>>  - Not going to enumerate all of the issues, but I see there is at least one issue in HSQLDB as it's BSD license and not included in LICENSE. I'm guessing this is missing tons of necessary entries.
>>
>> For phoenix-tracing-webapp-4.8.0-HBase-1.2-runnable.jar:
>>  - Absolutely no mention of the bundled javascript libraries as outlined in the source-release.
>>  - (A hunch) missing a necessary entry for UnixCrypt per https://github.com/eclipse/jetty.project/blob/jetty-8.1.16.v20140903/NOTICE.txt. There's no git tag for the 8.1.7 version we use.
>>
>> For now, I'm going to omit going through the rest, but I have lots of fear over the other shaded jars being similarly inadequate.
>>
>> - Josh
>>
>> Ankit Singhal wrote:
>>> Hello Everyone,
>>>
>>> This is a call for a vote on Apache Phoenix 4.8.0-HBase-1.2 RC0. This is
>>> the next minor release of Phoenix 4, compatible with Apache HBase 1.2.
>>> The release includes both a source-only release and a convenience binary
>>> release.
>>>
>>> This release has feature parity with our other pending 4.8.0 releases and
>>> includes the following improvements:
>>> - Local Index improvements[1]
>>> - Phoenix hive integration[2]
>>> - Namespace mapping support[3]
>>> - Many VIEW enhancements[4]
>>> - Offset support for paging queries[5]
>>> - 100+ Bugs resolved[6]
>>> - Many performance enhancements(related to StatsCache, distinct, Serial
>>> query with Stats etc)
>>>
>>> The source tarball, including signatures, digests, etc can be found at:
>>> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/src/
>>>
>>> The binary artifacts can be found at:
>>> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/bin/
>>>
>>> For a complete list of changes, see:
>>> *https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120
>>> <https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120>*
>>>
>>> Release artifacts are signed with the following key:
>>> *https://people.apache.org/keys/committer/ankit.asc
>>> <https://people.apache.org/keys/committer/ankit.asc>*
>>>
>>> KEYS file available here:
>>> https://dist.apache.org/repos/dist/dev/phoenix/KEYS
>>>
>>> The hash and tag to be voted upon:
>>> *https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138
>>> <https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138>*
>>> https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=tag;h=refs/tags/v4.8.0-HBase-1.2-rc0
>>>
>>> Vote will be open until at least, Mon, Jul 18th @ 5pm PST. Please vote:
>>>
>>> [ ] +1 approve
>>> [ ] +0 no opinion
>>> [ ] -1 disapprove (and reason why)
>>>
>>> Thanks,
>>> The Apache Phoenix Team
>>>
>>> [1] https://issues.apache.org/jira/browse/PHOENIX-1734
>>> [2] https://issues.apache.org/jira/browse/PHOENIX-2743
>>> [3] https://issues.apache.org/jira/browse/PHOENIX-1311
>>> [4] https://issues.apache.org/jira/browse/PHOENIX-1508
>>> [5] https://issues.apache.org/jira/browse/PHOENIX-2722
>>> [6] *https://issues.apache.org/jira/browse/filter=12337975#
>>> <https://issues.apache.org/jira/browse/filter=12337975#>*
>>>



-- 
busbey

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by Andrew Purtell <an...@gmail.com>.
A partial prescription:

- Looks like no updates to LICENSE or NOTICE were done when the trace app GSoC project was merged, hence the issues with bootstrap and other bundled JavaScript. Time to do a top to bottom review? 

- Prune RAT exclusions to the minimum and fix reported issues. 

- Over on HBase we also faced a big divergence in what is included in source and binary convenience artifacts, due to the ton of extra deps that come with upstream binaries and runtime concerns like embedded UIs. We fixed this through maven based automated assembly of binary LICENSE and NOTICE files using templates and velocity macros. Sean Busbey did the lion's share of the work. Refer to https://issues.apache.org/jira/browse/HBASE-14085 . It was a significant effort. 



> On Jul 17, 2016, at 10:53 AM, Josh Elser <el...@apache.org> wrote:
> 
> -1 (non-binding) from me with my Phoenix hat on (avoiding putting on the ASF member hat for now). Lots of wrong licensing stuff in here -- as-in, this should very definitely not go out as a release. I hope the Phoenix PMC steps up to -1 this release on their own.
> 
> *** Source release:
> 
> Good:
> * MD5 and GPG sig is fine
> * KEYS is good
> * Did not find any binary files
> * Was able to build the source code
> 
> Bad:
> * SHA1 xsum is wrong. It looks like complete nonsense to me, but I can't find the appropriate xsum in that file (which was 64208164580f3467cd2c8b51c0d9f8ac37f0c671)
> * Lots of "Copyright ASF" in Java source files which should not be there.
> * No license headers on any Apache Phoenix JS files. Looks like these are completely ignored by the apache-rat check which is very bad.
>  - All properties files are ignored. They can and should have license headers (./phoenix-pherf/src/test/resources/pherf.test.properties is missing headers now, and is just garbled)
> * Would be good to have the artifact name be "apache-phoenix-$version.tar.gz" as that's the project's proper name.
> 
> * NOTICE problems
>  - No Apache Phoenix copyright (should be 20XX-2016)
>  - Source release does not include HBase, Hadoop, or Commons, does it? Do we have copied code from these projects in Phoenix source?
>  - JUnit, SLF4j, JLine, and Antlr are not included in the source release, they do not belong here.
>  - Sqlline entry has the wrong website and doesn't belong in NOTICE (should go in LICENSE)
> 
> * LICENSE problems
>  - ENTIRELY NO MENTION of tons of libraries:
>     + Bootstrap (Twitter with MIT license)
>     + JQuery (JQuery Foundation with MIT license)
>     + AngularJS and Angular-Mocks 1.3.15 (Google, inc. with  MIT license)
>     + Angular-Routes 1.3.8 (Google, inc with MIT license)
>     + Google Chart Api Directive Module for AngularJS (Nicolas Bouillon with MIT)
>     + angular-ui-bootstrap (http://angular-ui.github.io/bootstrap/ with MIT)
>     + Sqlline (Marc Prud'hommeaux with BSD)
>     + Glyphicons (http://glyphicons.com with CC-By 3.0)
>     + Fontawesome fonts (http://fontawesome.io with SIL Open Font license -- which falls into category-b for the ASF for those playing along)
> 
> 
> *** Binary release:
> 
> Good:
> * MD5 and GPG sig are fine
> 
> Other:
> * I'm not sure how to handle the L&N for the tarball itself (since they just contain JARs which are in themselves a "binary release"). e.g. should the top-level L&N files contain the aggregate L&N for all JARs in the binary tarball?
> 
> Bad:
> * SHA1 is again garbled (I computed 817b68246f8d9c9fc5317660ad1021752996d1f1)
> 
> NOTICE problems (tarball):
>  - Wrong Apache Phoenix copyright (2014, not 20XX-2016)
>  - Completely different sqlline copyright/license notice than in source release! Which one is correct?? Also, license information belongs in LICENSE, not in NOTICE.
>  - I would strongly bet that Apache Hadoop and HBase both have information in their NOTICE files which requires propagation (e.g. things other than "Copyright ASF" which is not required).
> 
> LICENSE problems (tarball):
>  - See all of the same issues from the LICENSE problems in the source-release.
> 
> For phoenix-client.jar:
>  - Multiple LICENSE files lying around but nothing which seems accurate for the binary artifact being released -- this information should be self-contained in one file (commonly META-INF/{LICENSE,NOTICE}).
>  - Not going to enumerate all of the issues, but I see there is at least one issue in HSQLDB as it's BSD license and not included in LICENSE. I'm guessing this is missing tons of necessary entries.
> 
> For phoenix-tracing-webapp-4.8.0-HBase-1.2-runnable.jar:
>  - Absolutely no mention of the bundled javascript libraries as outlined in the source-release.
>  - (A hunch) missing a necessary entry for UnixCrypt per https://github.com/eclipse/jetty.project/blob/jetty-8.1.16.v20140903/NOTICE.txt. There's no git tag for the 8.1.7 version we use.
> 
> For now, I'm going to omit going through the rest, but I have lots of fear over the other shaded jars being similarly inadequate.
> 
> - Josh
> 
> Ankit Singhal wrote:
>> Hello Everyone,
>> 
>> This is a call for a vote on Apache Phoenix 4.8.0-HBase-1.2 RC0. This is
>> the next minor release of Phoenix 4, compatible with Apache HBase 1.2.
>> The release includes both a source-only release and a convenience binary
>> release.
>> 
>> This release has feature parity with our other pending 4.8.0 releases and
>> includes the following improvements:
>> - Local Index improvements[1]
>> - Phoenix hive integration[2]
>> - Namespace mapping support[3]
>> - Many VIEW enhancements[4]
>> - Offset support for paging queries[5]
>> - 100+ Bugs resolved[6]
>> - Many performance enhancements(related to StatsCache, distinct, Serial
>> query with Stats etc)
>> 
>> The source tarball, including signatures, digests, etc can be found at:
>> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/src/
>> 
>> The binary artifacts can be found at:
>> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/bin/
>> 
>> For a complete list of changes, see:
>> *https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120
>> <https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120>*
>> 
>> Release artifacts are signed with the following key:
>> *https://people.apache.org/keys/committer/ankit.asc
>> <https://people.apache.org/keys/committer/ankit.asc>*
>> 
>> KEYS file available here:
>> https://dist.apache.org/repos/dist/dev/phoenix/KEYS
>> 
>> The hash and tag to be voted upon:
>> *https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138
>> <https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138>*
>> https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=tag;h=refs/tags/v4.8.0-HBase-1.2-rc0
>> 
>> Vote will be open until at least, Mon, Jul 18th @ 5pm PST. Please vote:
>> 
>> [ ] +1 approve
>> [ ] +0 no opinion
>> [ ] -1 disapprove (and reason why)
>> 
>> Thanks,
>> The Apache Phoenix Team
>> 
>> [1] https://issues.apache.org/jira/browse/PHOENIX-1734
>> [2] https://issues.apache.org/jira/browse/PHOENIX-2743
>> [3] https://issues.apache.org/jira/browse/PHOENIX-1311
>> [4] https://issues.apache.org/jira/browse/PHOENIX-1508
>> [5] https://issues.apache.org/jira/browse/PHOENIX-2722
>> [6] *https://issues.apache.org/jira/browse/filter=12337975#
>> <https://issues.apache.org/jira/browse/filter=12337975#>*
>> 

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by Josh Elser <el...@apache.org>.
-1 (non-binding) from me with my Phoenix hat on (avoiding putting on the 
ASF member hat for now). Lots of wrong licensing stuff in here -- as-in, 
this should very definitely not go out as a release. I hope the Phoenix 
PMC steps up to -1 this release on their own.

*** Source release:

Good:
* MD5 and GPG sig is fine
* KEYS is good
* Did not find any binary files
* Was able to build the source code

Bad:
* SHA1 xsum is wrong. It looks like complete nonsense to me, but I can't 
find the appropriate xsum in that file (which was 
64208164580f3467cd2c8b51c0d9f8ac37f0c671)
* Lots of "Copyright ASF" in Java source files which should not be there.
* No license headers on any Apache Phoenix JS files. Looks like these 
are completely ignored by the apache-rat check which is very bad.
   - All properties files are ignored. They can and should have license 
headers (./phoenix-pherf/src/test/resources/pherf.test.properties is 
missing headers now, and is just garbled)
* Would be good to have the artifact name be 
"apache-phoenix-$version.tar.gz" as that's the project's proper name.

* NOTICE problems
   - No Apache Phoenix copyright (should be 20XX-2016)
   - Source release does not include HBase, Hadoop, or Commons, does it? 
Do we have copied code from these projects in Phoenix source?
   - JUnit, SLF4j, JLine, and Antlr are not included in the source 
release, they do not belong here.
   - Sqlline entry has the wrong website and doesn't belong in NOTICE 
(should go in LICENSE)

* LICENSE problems
   - ENTIRELY NO MENTION of tons of libraries:
      + Bootstrap (Twitter with MIT license)
      + JQuery (JQuery Foundation with MIT license)
      + AngularJS and Angular-Mocks 1.3.15 (Google, inc. with  MIT license)
      + Angular-Routes 1.3.8 (Google, inc with MIT license)
      + Google Chart Api Directive Module for AngularJS (Nicolas 
Bouillon with MIT)
      + angular-ui-bootstrap (http://angular-ui.github.io/bootstrap/ 
with MIT)
      + Sqlline (Marc Prud'hommeaux with BSD)
      + Glyphicons (http://glyphicons.com with CC-By 3.0)
      + Fontawesome fonts (http://fontawesome.io with SIL Open Font 
license -- which falls into category-b for the ASF for those playing along)


*** Binary release:

Good:
* MD5 and GPG sig are fine

Other:
* I'm not sure how to handle the L&N for the tarball itself (since they 
just contain JARs which are in themselves a "binary release"). e.g. 
should the top-level L&N files contain the aggregate L&N for all JARs in 
the binary tarball?

Bad:
* SHA1 is again garbled (I computed 
817b68246f8d9c9fc5317660ad1021752996d1f1)

NOTICE problems (tarball):
   - Wrong Apache Phoenix copyright (2014, not 20XX-2016)
   - Completely different sqlline copyright/license notice than in 
source release! Which one is correct?? Also, license information belongs 
in LICENSE, not in NOTICE.
   - I would strongly bet that Apache Hadoop and HBase both have 
information in their NOTICE files which requires propagation (e.g. 
things other than "Copyright ASF" which is not required).

LICENSE problems (tarball):
   - See all of the same issues from the LICENSE problems in the 
source-release.

For phoenix-client.jar:
   - Multiple LICENSE files lying around but nothing which seems 
accurate for the binary artifact being released -- this information 
should be self-contained in one file (commonly META-INF/{LICENSE,NOTICE}).
   - Not going to enumerate all of the issues, but I see there is at 
least one issue in HSQLDB as it's BSD license and not included in 
LICENSE. I'm guessing this is missing tons of necessary entries.

For phoenix-tracing-webapp-4.8.0-HBase-1.2-runnable.jar:
   - Absolutely no mention of the bundled javascript libraries as 
outlined in the source-release.
   - (A hunch) missing a necessary entry for UnixCrypt per 
https://github.com/eclipse/jetty.project/blob/jetty-8.1.16.v20140903/NOTICE.txt. 
There's no git tag for the 8.1.7 version we use.

For now, I'm going to omit going through the rest, but I have lots of 
fear over the other shaded jars being similarly inadequate.

- Josh

Ankit Singhal wrote:
> Hello Everyone,
>
> This is a call for a vote on Apache Phoenix 4.8.0-HBase-1.2 RC0. This is
> the next minor release of Phoenix 4, compatible with Apache HBase 1.2.
> The release includes both a source-only release and a convenience binary
> release.
>
> This release has feature parity with our other pending 4.8.0 releases and
> includes the following improvements:
> - Local Index improvements[1]
> - Phoenix hive integration[2]
> - Namespace mapping support[3]
> - Many VIEW enhancements[4]
> - Offset support for paging queries[5]
> - 100+ Bugs resolved[6]
> - Many performance enhancements(related to StatsCache, distinct, Serial
> query with Stats etc)
>
> The source tarball, including signatures, digests, etc can be found at:
> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/src/
>
> The binary artifacts can be found at:
> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/bin/
>
> For a complete list of changes, see:
> *https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120
> <https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120>*
>
> Release artifacts are signed with the following key:
> *https://people.apache.org/keys/committer/ankit.asc
> <https://people.apache.org/keys/committer/ankit.asc>*
>
> KEYS file available here:
> https://dist.apache.org/repos/dist/dev/phoenix/KEYS
>
> The hash and tag to be voted upon:
> *https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138
> <https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138>*
> https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=tag;h=refs/tags/v4.8.0-HBase-1.2-rc0
>
> Vote will be open until at least, Mon, Jul 18th @ 5pm PST. Please vote:
>
> [ ] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove (and reason why)
>
> Thanks,
> The Apache Phoenix Team
>
> [1] https://issues.apache.org/jira/browse/PHOENIX-1734
> [2] https://issues.apache.org/jira/browse/PHOENIX-2743
> [3] https://issues.apache.org/jira/browse/PHOENIX-1311
> [4] https://issues.apache.org/jira/browse/PHOENIX-1508
> [5] https://issues.apache.org/jira/browse/PHOENIX-2722
> [6] *https://issues.apache.org/jira/browse/filter=12337975#
> <https://issues.apache.org/jira/browse/filter=12337975#>*
>
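The review above separates a SHA1 file that is "wrong" from one that is "garbled". The following is an added example, not part of the thread or of the Phoenix release tooling, showing a check that reports those two outcomes separately. The function names and the sample bytes are assumptions constructed for illustration; the parser accepts coreutils-style, BSD-style and grouped-hex layouts (the kind `gpg --print-md` writes).

```python
import hashlib
import re

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def digests_in(text, algo):
    """Collect every well-formed digest of algo's length from a checksum file."""
    n = HEX_LEN[algo]
    found = set()
    # coreutils "<hex>  name" and BSD "SHA1 (name) = <hex>": one unbroken hex token.
    token = re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{%d}(?![0-9A-Fa-f])" % n)
    found.update(t.lower() for t in token.findall(text))
    # Grouped layout "name: 6420 8164 ...": long digests wrap onto indented
    # continuation lines. Rebuild each record, then squeeze out the whitespace.
    records = []
    for line in text.splitlines():
        if line[:1].isspace() and records:
            records[-1] += " " + line.strip()
        elif line.strip():
            records.append(line.strip())
    for rec in records:
        _, sep, tail = rec.partition(": ")
        squeezed = re.sub(r"\s+", "", tail)
        if sep and re.fullmatch(r"[0-9A-Fa-f]{%d}" % n, squeezed):
            found.add(squeezed.lower())
    return found


def file_digest(path, algo):
    """Hash a file in chunks so large tarballs do not need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check(actual_hex, digest_text, algo):
    """Return 'match', 'mismatch' or 'unparseable' for a published digest file."""
    published = digests_in(digest_text, algo)
    if not published:
        return "unparseable"  # garbled: nothing of the right shape to compare
    return "match" if actual_hex.lower() in published else "mismatch"


# Constructed sample data, not the Phoenix artifacts.
SAMPLE = b"constructed release tarball bytes\n"


def grouped_layout(name, hexdigest, groups_per_line):
    """Constructed approximation of the grouped, wrapped upper-case layout."""
    groups = [hexdigest[i:i + 4].upper() for i in range(0, len(hexdigest), 4)]
    rows = [" ".join(groups[i:i + groups_per_line])
            for i in range(0, len(groups), groups_per_line)]
    pad = " " * (len(name) + 2)
    return name + ": " + ("\n" + pad).join(rows) + "\n"


def demo():
    name = "sample.tar.gz"  # hypothetical artifact name
    sha1 = hashlib.sha1(SAMPLE).hexdigest()
    sha512 = hashlib.sha512(SAMPLE).hexdigest()
    return {
        "coreutils": check(sha1, sha1 + "  " + name + "\n", "sha1"),
        "bsd": check(sha1, "SHA1 (%s) = %s\n" % (name, sha1), "sha1"),
        "grouped": check(sha1, grouped_layout(name, sha1, 10), "sha1"),
        "grouped_wrapped": check(sha512, grouped_layout(name, sha512, 8), "sha512"),
        "wrong": check(sha1, "0" * 40 + "  " + name + "\n", "sha1"),
        "garbled": check(sha1, name + ": 6f3a 91\x00\x00 ...\n", "sha1"),
    }
```

For real artifacts, pass file_digest(path, algo) and the text of the published digest file to check(); an "unparseable" result points at how the digest file was generated rather than at the artifact.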

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by Mujtaba Chohan <mu...@apache.org>.
+1.

verified binary/src distribution and utests.

On Fri, Jul 15, 2016 at 1:31 AM, rajeshbabu@apache.org <
chrajeshbabu32@gmail.com> wrote:

> +1
> - Verified the signatures.
> - Downloaded source and ran the test and all are passed.
> - Downloaded tar ball and ran basic tests
> - Loaded data through bulkload job and some local index tests everything
> fine.
> - Ran some query server related tests and everything cool.
>
> Thanks,
> Rajeshbabu.
>
>
> On Fri, Jul 15, 2016 at 1:44 PM, James Taylor <ja...@apache.org>
> wrote:
>
> > +1. Great work on the release, everyone! Good to have support for HBase 1.2
> > now.
> >
> >     James
> >
> > On Thu, Jul 14, 2016 at 6:54 AM, Ankit Singhal <ankitsinghal59@gmail.com>
> > wrote:
> >
> > > Hello Everyone,
> > >
> > > This is a call for a vote on Apache Phoenix 4.8.0-HBase-1.2 RC0. This is
> > > the next minor release of Phoenix 4, compatible with Apache HBase 1.2.
> > > The release includes both a source-only release and a convenience binary
> > > release.
> > >
> > > This release has feature parity with our other pending 4.8.0 releases and
> > > includes the following improvements:
> > > - Local Index improvements[1]
> > > - Phoenix hive integration[2]
> > > - Namespace mapping support[3]
> > > - Many VIEW enhancements[4]
> > > - Offset support for paging queries[5]
> > > - 100+ Bugs resolved[6]
> > > - Many performance enhancements(related to StatsCache, distinct, Serial
> > > query with Stats etc)
> > >
> > > The source tarball, including signatures, digests, etc can be found at:
> > > https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/src/
> > >
> > > The binary artifacts can be found at:
> > > https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/bin/
> > >
> > > For a complete list of changes, see:
> > > *https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120
> > > <https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120>*
> > >
> > > Release artifacts are signed with the following key:
> > > *https://people.apache.org/keys/committer/ankit.asc
> > > <https://people.apache.org/keys/committer/ankit.asc>*
> > >
> > > KEYS file available here:
> > > https://dist.apache.org/repos/dist/dev/phoenix/KEYS
> > >
> > > The hash and tag to be voted upon:
> > > *https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138
> > > <https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138>*
> > > https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=tag;h=refs/tags/v4.8.0-HBase-1.2-rc0
> > >
> > > Vote will be open until at least, Mon, Jul 18th @ 5pm PST. Please vote:
> > >
> > > [ ] +1 approve
> > > [ ] +0 no opinion
> > > [ ] -1 disapprove (and reason why)
> > >
> > > Thanks,
> > > The Apache Phoenix Team
> > >
> > > [1] https://issues.apache.org/jira/browse/PHOENIX-1734
> > > [2] https://issues.apache.org/jira/browse/PHOENIX-2743
> > > [3] https://issues.apache.org/jira/browse/PHOENIX-1311
> > > [4] https://issues.apache.org/jira/browse/PHOENIX-1508
> > > [5] https://issues.apache.org/jira/browse/PHOENIX-2722
> > > [6] *https://issues.apache.org/jira/browse/filter=12337975#
> > > <https://issues.apache.org/jira/browse/filter=12337975#>*
> > >
> >
>

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by "rajeshbabu@apache.org" <ch...@gmail.com>.
+1
- Verified the signatures.
- Downloaded source and ran the test and all are passed.
- Downloaded tar ball and ran basic tests
- Loaded data through bulkload job and some local index tests everything
fine.
- Ran some query server related tests and everything cool.

Thanks,
Rajeshbabu.


On Fri, Jul 15, 2016 at 1:44 PM, James Taylor <ja...@apache.org>
wrote:

> +1. Great work on the release, everyone! Good to have support for HBase 1.2
> now.
>
>     James
>
> On Thu, Jul 14, 2016 at 6:54 AM, Ankit Singhal <an...@gmail.com>
> wrote:
>
> > Hello Everyone,
> >
> > This is a call for a vote on Apache Phoenix 4.8.0-HBase-1.2 RC0. This is
> > the next minor release of Phoenix 4, compatible with Apache HBase 1.2.
> > The release includes both a source-only release and a convenience binary
> > release.
> >
> > This release has feature parity with our other pending 4.8.0 releases and
> > includes the following improvements:
> > - Local Index improvements[1]
> > - Phoenix hive integration[2]
> > - Namespace mapping support[3]
> > - Many VIEW enhancements[4]
> > - Offset support for paging queries[5]
> > - 100+ Bugs resolved[6]
> > - Many performance enhancements(related to StatsCache, distinct, Serial
> > query with Stats etc)
> >
> > The source tarball, including signatures, digests, etc can be found at:
> > https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/src/
> >
> > The binary artifacts can be found at:
> > https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/bin/
> >
> > For a complete list of changes, see:
> > *https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120
> > <https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120>*
> >
> > Release artifacts are signed with the following key:
> > *https://people.apache.org/keys/committer/ankit.asc
> > <https://people.apache.org/keys/committer/ankit.asc>*
> >
> > KEYS file available here:
> > https://dist.apache.org/repos/dist/dev/phoenix/KEYS
> >
> > The hash and tag to be voted upon:
> > *https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138
> > <https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138>*
> > https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=tag;h=refs/tags/v4.8.0-HBase-1.2-rc0
> >
> > Vote will be open until at least, Mon, Jul 18th @ 5pm PST. Please vote:
> >
> > [ ] +1 approve
> > [ ] +0 no opinion
> > [ ] -1 disapprove (and reason why)
> >
> > Thanks,
> > The Apache Phoenix Team
> >
> > [1] https://issues.apache.org/jira/browse/PHOENIX-1734
> > [2] https://issues.apache.org/jira/browse/PHOENIX-2743
> > [3] https://issues.apache.org/jira/browse/PHOENIX-1311
> > [4] https://issues.apache.org/jira/browse/PHOENIX-1508
> > [5] https://issues.apache.org/jira/browse/PHOENIX-2722
> > [6] *https://issues.apache.org/jira/browse/filter=12337975#
> > <https://issues.apache.org/jira/browse/filter=12337975#>*
> >
>

Re: [VOTE] Release of Apache Phoenix 4.8.0-HBase-1.2 RC0

Posted by James Taylor <ja...@apache.org>.
+1. Great work on the release, everyone! Good to have support for HBase 1.2
now.

    James

On Thu, Jul 14, 2016 at 6:54 AM, Ankit Singhal <an...@gmail.com>
wrote:

> Hello Everyone,
>
> This is a call for a vote on Apache Phoenix 4.8.0-HBase-1.2 RC0. This is
> the next minor release of Phoenix 4, compatible with Apache HBase 1.2.
> The release includes both a source-only release and a convenience binary
> release.
>
> This release has feature parity with our other pending 4.8.0 releases and
> includes the following improvements:
> - Local Index improvements[1]
> - Phoenix hive integration[2]
> - Namespace mapping support[3]
> - Many VIEW enhancements[4]
> - Offset support for paging queries[5]
> - 100+ Bugs resolved[6]
> - Many performance enhancements(related to StatsCache, distinct, Serial
> query with Stats etc)
>
> The source tarball, including signatures, digests, etc can be found at:
> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/src/
>
> The binary artifacts can be found at:
> https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/bin/
>
> For a complete list of changes, see:
> *https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120
> <https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120>*
>
> Release artifacts are signed with the following key:
> *https://people.apache.org/keys/committer/ankit.asc
> <https://people.apache.org/keys/committer/ankit.asc>*
>
> KEYS file available here:
> https://dist.apache.org/repos/dist/dev/phoenix/KEYS
>
> The hash and tag to be voted upon:
> *https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138
> <https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138>*
> https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=tag;h=refs/tags/v4.8.0-HBase-1.2-rc0
>
> Vote will be open until at least, Mon, Jul 18th @ 5pm PST. Please vote:
>
> [ ] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove (and reason why)
>
> Thanks,
> The Apache Phoenix Team
>
> [1] https://issues.apache.org/jira/browse/PHOENIX-1734
> [2] https://issues.apache.org/jira/browse/PHOENIX-2743
> [3] https://issues.apache.org/jira/browse/PHOENIX-1311
> [4] https://issues.apache.org/jira/browse/PHOENIX-1508
> [5] https://issues.apache.org/jira/browse/PHOENIX-2722
> [6] *https://issues.apache.org/jira/browse/filter=12337975#
> <https://issues.apache.org/jira/browse/filter=12337975#>*
>