You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@incubator.apache.org by Jean-Baptiste Onofré <jb...@nanthrax.net> on 2016/01/26 14:46:37 UTC
[VOTE] Release Apache Unomi 1.0.0-incubating (take 2)
Hi all,
I submit Apache Unomi 1.0.0-incubating release to your vote (take 2, new
tentative fixing src distributions and NOTICE file).
A vote was held on developer mailing list and it passed with +1s.
Vote thread:
http://mail-archives.apache.org/mod_mbox/incubator-unomi-dev/201601.mbox/%3C569E3163.2090001%40nanthrax.net%3E
Result thread:
http://mail-archives.apache.org/mod_mbox/incubator-unomi-dev/201601.mbox/%3C56A76D25.5020503%40nanthrax.net%3E
The src distributions are located:
*
https://repository.apache.org/content/repositories/orgapacheunomi-1003/org/apache/unomi/unomi/1.0.0-incubating/unomi-1.0.0-incubating-src.tar.gz
*
https://repository.apache.org/content/repositories/orgapacheunomi-1003/org/apache/unomi/unomi/1.0.0-incubating/unomi-1.0.0-incubating-src.zip
The vote is open for 72 hours:
[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)
Thanks,
Regards
JB
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Unomi 1.0.0-incubating (take 2)
Posted by Justin Mclean <ju...@classsoftware.com>.
HI,
Sorry I posted to the wrong vote thread I’ll repost to the correct one.
Thanks,
Justin
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Unomi 1.0.0-incubating (take 2)
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
+1 binding
I checked:
- incubating in file name
- hashes and signatures good
- DISCLAIMER exits
- Source LICENSE good (although the short form of the license is prefered) [1]
- Source NOICE has a little bit of extra info in it - there's no need to mention MIT software [1]
- No unexpected binary files in source release
- All source files have Apache headers
- Unable to compile from source
I got this error when compiling - looks like a path may be wrong:
[INFO] Apache Unomi :: Distribution Package ............... FAILURE [ 0.568 s]
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:1.7:run (copy-karaf) on project unomi: An Ant BuildException has occured: /Users/justinmclean/Downloads/ApacheUnomi/unomi-1.0.0-incubating/package/target/assembly/elasticsearch-1.6.2/lib/sigar does not exist.
Everything else compiled fine it just looks like creating the distribution package failed, I’m assuming this is not a big issue.
I think the path should be??
./unomi-1.0.0-incubating/package/target/assembly/lib/sigar/
You may want to fix header on this file [2].
Also can you please place the binaries in the correct place, this was raised as an issue for the last release candidate.
Now for the binary convenience release, sorry this is long, but I think a bit more work need to be done here.
The LICENSE file:
- Boiler place Apache license should be at the top often file
- Please use short form of the licenses
- It not clear what is licensed under the CDDL or GPL licenses
- GPLv2 is considered a category X license and should not be bundled with Apache software. Why is this here?
- Is missing a large number of licences that require being put in LICENSE
For what I could find GPL software bundled includes woodstock [4], code model [5] and tanuki software java service wrapper [12] . Is there other bundled GPL software? Is the GPL issue known about and is the intent to replace that software?
License should contain:
- non ASF licensed software including bndlib, Jackson core, jackson databind, Jackson annotations, Fast Infoset Standard for Binary XML, ehcache, jettison, elastic search, jansi, sigar (was GPL may need to double check), jledit, Joda-Time, Fast Infoset Project, OpenWS, several ops4j projects, osgi jmx, slf4j, spring framework, SnakeYAML, Spatial4j, Quality Check, UAdetector, GeoIP2, Google HTTP Client Library For Java, MaxMind DB, mvel2
- CPL license wsdl4j
- CDDL JAXB Binding Compiler, JAXB Runtime module
- dual license CDDL/GPL code model, sun el [6], stack commons, Java mail [7], SOAP with Attachments API for Java [8], TXW2 Runtime [9], XSOM,
- BSD licensed Jline, Stax2, knopflerfish, ASM, RelaxngDatatype, StringTemplate 4
- public domain AOP Alliance, SAX
- EPL Eclipses’s aether, eclipse core runtime, equinox, java development tools core
- EPL/Apache dual licensed Jetty (may actually be a mix of CDDL, EPL and GPL)
- dual licensed(?) EPL/Apache hawtjni
- MIT licensed RELAX NG Object Model / Parser
- MPL licensed Rhino, juniversalchardet
- W3C dom
- licenses from Sigar notice file
- Apache 1.1 license Apache Avalon , Apache Xalan
- double check what included from Apache CXF [13]
- double check what’s included from Apache Felix (no LICENSE/NOTICE in github mirror)
- include what is in Apache Karaf license file (if bundled)
- MPL license software form Apaceh Servicemix notice file
- double check what’s been bundled from Apaceh Xerces (no LICENSE/NOTICE in github mirror)
The the dual license CDDL/GPL can be treated as GPL if you don’t specify the license choice. (see links below) You probably need to put this in the NOTICE file.
Sigar's license may be an issue as while it’s Apache licensed it also includes further restrictions [11]
"You acknowledge that Software is not designed, licensed or intended for use in
the design, construction, operation or maintenance of any nuclear facility
("High Risk Activities"). “
I did this fairly quickly and will have missed a few things, you just need to look at the jars you are including and what is inside them. I notice some bundled jars also
contain jars so you’ll need to look in those as well. I may of got the versions wrong and different versions could be licensed under different licenses.
The NOTICE file:
- No need to list MIT or BSD or Apace licensed in NOTICE
- No need to include everything from the sigar NOTICE probably only the copyright line is needed but not 100% sure
- No need to list copyright for org.apache.karaf.management, org.apache.openwebbeans, HttpCore, org.apache.sshd, org.apache.servicemix.bundles, commons-lang, org.apache.karaf.features, org.apache.mina, org.apache.karaf.kar, org.apache.karaf.jaas, org.apache.karaf.bundle, org.apache.karaf.deployer, org.apache.aries etc etc etc
- No need for extra "This product includes software developed by the ASF”
- Any non ASF Apache license software copyright should be in LICENSE not NOTICE
- Notice for opensaml looks incorrect [3]?
- Even with the amount of bundled software here I expect the NOTICE file to be closer to 100 lines rather than the 1000 lines it is
Notice files I saw that IMO may effect NOTICE include:
Apache Santuario, Jetty, Sigar, Apache Avalon, Apache Commons Codec, Apache Felix, Apache Geronimo, Apache Karaf, Apache Neethi, Apache Xalan, Apache Xerces
Also note the dual CDDL/GPL license info mention above.
Thanks,
Justin
1. http://www.apache.org/dev/licensing-howto.html#permissive-deps
2. ./samples/tweet-button-plugin/src/main/resources/OSGI-INF/blueprint/blueprint.xml
3. https://github.com/OpenConext/spring-security-opensaml/blob/master/NOTICE.TXT
4. http://central.maven.org/maven2/com/ctc/wstx/woodstox-osgi/3.2.1.1/woodstox-osgi-3.2.1.1.pom
5. http://central.maven.org/maven2/com/sun/codemodel/codemodel-project/2.6/codemodel-project-2.6.pom
6. https://java.net/projects/el-spec/sources/source-code/content/trunk/pom.xml?rev=285 (Notice this would effect the NOTICE file)
7. http://central.maven.org/maven2/com/sun/mail/all/1.5.2/all-1.5.2.pom (would also effect notice)
8. http://central.maven.org/maven2/com/sun/xml/messaging/saaj/saaj-impl/1.3.15/saaj-impl-1.3.15.pom (same here)
9 .http://central.maven.org/maven2/com/sun/xml/txw2/txw2/20110809/txw2-20110809.pom (same here)
10 https://github.com/fusesource/hawtjni/blob/master/license.txt
11. https://github.com/hyperic/sigar/blob/master/NOTICE
12. https://wrapper.tanukisoftware.com/doc/english/licenseOverview.html
13. http://cxf.apache.org/docs/licenses.html
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Unomi 1.0.0-incubating (take 2)
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi Justin,
thanks for the guidance. You are right, it's our role as mentors to
help, I missed the binaries in the src distribution (my bad), but the
NOTICE looked good to me (in regards of the dependencies usage in
assembly and Maven pom).
Thanks !
Regards
JB
On 01/27/2016 05:52 AM, Justin Mclean wrote:
> HI,
>
>> For the NOTICE, as said on another thread, honestly, it's very difficult to know what to include or not.
>
> Just follow the how to [1] and get a couple of people to review. Your mentors should be able to help as well. What matters is what is bundled and how those bundled bits are licensed. Following that document should be able to get it reasonably close as it covers most common cases.
>
> For binaries the best way I’ve found to work out what is needed is to look at each jar and see what it contains. I use vi if it’s just a few jars or sometime extract the class names and sort like so:
> find . -name “*.jar” -exec jar tf {} \; | sort -u
>
> Usually the class paths are good enough to work out what needs to go in LICENSE/NOTICE. i.e. take the class path look up the software licence and work out what needs to be done.
>
> Note if you make multiple jars you might want to check the LICENSE and NOTICE in each jar as well as they may need to be different depend on the jar’s contents.
>
> Thanks,
> Justin
>
> 1. http://www.apache.org/dev/licensing-howto.html#assembling-license-and-notice
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Unomi 1.0.0-incubating (take 2)
Posted by Justin Mclean <ju...@classsoftware.com>.
HI,
> For the NOTICE, as said on another thread, honestly, it's very difficult to know what to include or not.
Just follow the how to [1] and get a couple of people to review. Your mentors should be able to help as well. What matters is what is bundled and how those bundled bits are licensed. Following that document should be able to get it reasonably close as it covers most common cases.
For binaries the best way I’ve found to work out what is needed is to look at each jar and see what it contains. I use vi if it’s just a few jars or sometime extract the class names and sort like so:
find . -name “*.jar” -exec jar tf {} \; | sort -u
Usually the class paths are good enough to work out what needs to go in LICENSE/NOTICE. i.e. take the class path look up the software licence and work out what needs to be done.
Note if you make multiple jars you might want to check the LICENSE and NOTICE in each jar as well as they may need to be different depend on the jar’s contents.
Thanks,
Justin
1. http://www.apache.org/dev/licensing-howto.html#assembling-license-and-notice
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Unomi 1.0.0-incubating (take 2)
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi Justin,
thanks for the feedback.
For the binary, we gonna fix that.
For the NOTICE, as said on another thread, honestly, it's very difficult
to know what to include or not. Serge generated the NOTICE file (note
that the NOTICE generated is not the same in binary and source
distributions) using the details from the licensing how-to, but it's not
obvious and it seems that we are not all aligned on the mailing list.
So, we gonna update with your feedback.
I gonna cancel the release and do it again.
Thanks,
Regards
JB
On 01/27/2016 02:07 AM, Justin Mclean wrote:
> Hi,
>
> Sorry but it’s -1 binding as there are unexpected binary files in the source release.
>
> There are a few other things that need to be fixed but they wouldn’t be blockers (IMO) for this release.
>
> I checked:
> - name includes incubating
> - signatures all good
> - DISCLAIMER exists
> - LICENSE is OK
> - NOTICE has extra information. There is no need to add anything to NOTICE for MIT license software [1] or (usually) for Apache licensed software. [2] NOTICE needs to be keep small. [7]
> - NOTICE may be missing information. Hyperic Sigar contains a NOTICE file (which incorrectly lists MIT and Apache software). [12] It may be that some of these notices need to be added to NOTICE or LICENSE. [11]
> - There are unexpected binary files in the release (see below).
> - All source files contain Apache header
> - Can compile from source
>
> Binary files under [10] include:
> libsigar-amd64-freebsd-6.so libsigar-x86-freebsd-5.so
> libsigar-amd64-linux.so libsigar-x86-freebsd-6.so
> libsigar-amd64-solaris.so libsigar-x86-linux.so
> libsigar-ia64-linux.so libsigar-x86-solaris.so
> libsigar-sparc-solaris.so sigar-amd64-winnt.dll
> libsigar-sparc64-solaris.so sigar-x86-winnt.dll
> libsigar-universal-macosx.dylib sigar-x86-winnt.lib
> libsigar-universal64-macosx.dylib
>
> Also can you look into:
> - Can you place artefacts in correct release area. Note that this is marked as a MUST! [3][4][5][6]
> - There’s probably no need for need for KEYS file inside artefact and in fact at that point it's too late to be of any real use.
> - Year is wrong in NOTICE file
>
> Also for the binary convenience release:
> - It is missing DISCLAIMER
> - LICENSE and NOTICE are incorrect as:
> - NOTICE lists BSD and MIT software which should be in LICENSE
> - LICENSE is missing BSD/MIT and other bundled software
> - NOTICE includes software that is not bundled (e.g. junit + others)
> - NOTICE is probably missing item from bundled Apache license NOTICE files (e.g.karaf + others) [13]
>
> Thanks,
> Justin
>
> 1. http://www.apache.org/dev/licensing-howto.html#permissive-deps
> 2. http://www.apache.org/dev/licensing-howto.html#alv2-dep
> 3. http://www.apache.org/dev/release.html#host-rc
> 4. http://incubator.apache.org/guides/releasemanagement.html#glossary-incubator-dist
> 5. https://dist.apache.org/repos/dist/dev/incubator/unomi/ (is empty)
> 6. http://incubator.apache.org/incubation/Incubation_Policy.html#Releases
> 7. http://www.apache.org/dev/licensing-howto.html#mod-notice
> 8. /samples/tweet-button-plugin/src/main/java/org/apache/unomi/samples/tweet_button_plugin/actions/IncrementTweetNumberAction.java
> 9. /samples/tweet-button-plugin/src/main/resources/OSGI-INF/blueprint/blueprint.xml
> 10. /package/src/main/resources/lib/sigar/
> 11 .http://www.apache.org/dev/licensing-howto.html#deps-of-deps
> 12. https://github.com/hyperic/sigar/blob/master/NOTICE
> 13. https://github.com/apache/karaf/blob/master/NOTICE
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Unomi 1.0.0-incubating (take 2)
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
Sorry but it’s -1 binding as there are unexpected binary files in the source release.
There are a few other things that need to be fixed but they wouldn’t be blockers (IMO) for this release.
I checked:
- name includes incubating
- signatures all good
- DISCLAIMER exists
- LICENSE is OK
- NOTICE has extra information. There is no need to add anything to NOTICE for MIT license software [1] or (usually) for Apache licensed software. [2] NOTICE needs to be keep small. [7]
- NOTICE may be missing information. Hyperic Sigar contains a NOTICE file (which incorrectly lists MIT and Apache software). [12] It may be that some of these notices need to be added to NOTICE or LICENSE. [11]
- There are unexpected binary files in the release (see below).
- All source files contain Apache header
- Can compile from source
Binary files under [10] include:
libsigar-amd64-freebsd-6.so libsigar-x86-freebsd-5.so
libsigar-amd64-linux.so libsigar-x86-freebsd-6.so
libsigar-amd64-solaris.so libsigar-x86-linux.so
libsigar-ia64-linux.so libsigar-x86-solaris.so
libsigar-sparc-solaris.so sigar-amd64-winnt.dll
libsigar-sparc64-solaris.so sigar-x86-winnt.dll
libsigar-universal-macosx.dylib sigar-x86-winnt.lib
libsigar-universal64-macosx.dylib
Also can you look into:
- Can you place artefacts in correct release area. Note that this is marked as a MUST! [3][4][5][6]
- There’s probably no need for need for KEYS file inside artefact and in fact at that point it's too late to be of any real use.
- Year is wrong in NOTICE file
Also for the binary convenience release:
- It is missing DISCLAIMER
- LICENSE and NOTICE are incorrect as:
- NOTICE lists BSD and MIT software which should be in LICENSE
- LICENSE is missing BSD/MIT and other bundled software
- NOTICE includes software that is not bundled (e.g. junit + others)
- NOTICE is probably missing item from bundled Apache license NOTICE files (e.g.karaf + others) [13]
Thanks,
Justin
1. http://www.apache.org/dev/licensing-howto.html#permissive-deps
2. http://www.apache.org/dev/licensing-howto.html#alv2-dep
3. http://www.apache.org/dev/release.html#host-rc
4. http://incubator.apache.org/guides/releasemanagement.html#glossary-incubator-dist
5. https://dist.apache.org/repos/dist/dev/incubator/unomi/ (is empty)
6. http://incubator.apache.org/incubation/Incubation_Policy.html#Releases
7. http://www.apache.org/dev/licensing-howto.html#mod-notice
8. /samples/tweet-button-plugin/src/main/java/org/apache/unomi/samples/tweet_button_plugin/actions/IncrementTweetNumberAction.java
9. /samples/tweet-button-plugin/src/main/resources/OSGI-INF/blueprint/blueprint.xml
10. /package/src/main/resources/lib/sigar/
11 .http://www.apache.org/dev/licensing-howto.html#deps-of-deps
12. https://github.com/hyperic/sigar/blob/master/NOTICE
13. https://github.com/apache/karaf/blob/master/NOTICE
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
[CANCEL][VOTE] Release Apache Unomi 1.0.0-incubating (take 2)
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
As found by Justin, the src distribution and NOTICE should be updated.
I will fix that and re-cut a release.
Thanks,
Regards
JB
On 01/26/2016 02:46 PM, Jean-Baptiste Onofré wrote:
> Hi all,
>
> I submit Apache Unomi 1.0.0-incubating release to your vote (take 2, new
> tentative fixing src distributions and NOTICE file).
>
> A vote was held on developer mailing list and it passed with +1s.
>
> Vote thread:
> http://mail-archives.apache.org/mod_mbox/incubator-unomi-dev/201601.mbox/%3C569E3163.2090001%40nanthrax.net%3E
>
> Result thread:
> http://mail-archives.apache.org/mod_mbox/incubator-unomi-dev/201601.mbox/%3C56A76D25.5020503%40nanthrax.net%3E
>
>
> The src distributions are located:
> *
> https://repository.apache.org/content/repositories/orgapacheunomi-1003/org/apache/unomi/unomi/1.0.0-incubating/unomi-1.0.0-incubating-src.tar.gz
>
> *
> https://repository.apache.org/content/repositories/orgapacheunomi-1003/org/apache/unomi/unomi/1.0.0-incubating/unomi-1.0.0-incubating-src.zip
>
>
> The vote is open for 72 hours:
>
> [ ] +1 approve
> [ ] +0 no opinion
> [ ] -1 disapprove (and reason why)
>
> Thanks,
> Regards
> JB
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org