You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ripple.apache.org by "Parashuram N (MS OPEN TECH)" <pa...@microsoft.com> on 2015/04/02 23:12:03 UTC

RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Hi Tim,

I have not looked at this yet. Do we want to bump it up ? 

-----Original Message-----
From: Tim Barham [mailto:Tim.Barham@microsoft.com] 
Sent: Tuesday, March 31, 2015 6:49 AM
To: dev@ripple.incubator.apache.org
Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Hi, I just wanted to follow up on this. Has anyone had a chance to look at the new package? Also, Ross, I was wondering if you had any feedback on the various license headers reported by RAT?

Thanks!

Tim

________________________________________
From: Tim Barham [Tim.Barham@microsoft.com]
Sent: Thursday, March 19, 2015 6:15 PM
To: dev@ripple.incubator.apache.org
Subject: RE: [DISCUSS]  Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Further update:

1. I've built a new archive that doesn't contain the pkg folder (which is the build output), and contains everything else (that was missing in the previous archive). This archive was create using 'git archive', so it contains all files in our git repository as of tag 0.9.28. Per your point Ross that none of the issues should block this release (I verified that ripple.js is ok, and also it is not included in the new package since it is an output of the build process), I've not made any changes to the source.

The new archive can be found here: http://1drv.ms/1BAKsBJ

2. I ran RAT, and it complained about the following files:

  ./assets/client/themes/dark/theme.css
  ./assets/client/themes/light/theme.css
  ./targets/chrome.extension/controllers/jquery.js
  ./thirdparty/3d.js
  ./thirdparty/Math.uuid.js
  ./thirdparty/draw.js
  ./thirdparty/jXHR.js
  ./thirdparty/jquery.js
  ./thirdparty/jquery.tooltip.js
  ./thirdparty/jquery.ui.js

The various jquery files are, of course, jquery and have headers along the lines of:

    /*!
     * jQuery JavaScript Library v1.6
     * http://jquery.com/
     *
     * Copyright 2011, John Resig
     * licensed under the MIT
     * http://jquery.org/license
     *
     * Includes Sizzle.js
     * http://sizzlejs.com/
     * Copyright 2011, The Dojo Foundation
     * Released under the MIT, BSD, and GPL Licenses.
     *
     * Date: Mon May 2 13:50:00 2011 -0400
     */

The two theme.css files were built by the jQuery UI CSS Framework, and have the following license headers:

/*
* jQuery UI CSS Framework
* Copyright (c) 2010 AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT (MIT-LICENSE.txt) and GPL (GPL-LICENSE.txt) licenses.
*/

Math.uuid.js and jXHR.js license headers reference the MIT and/or GPL licenses.

Math.uuid.js:

/*!
Math.uuid.js (v1.4)
http://www.broofa.com
mailto:robert@broofa.com

Copyright (c) 2010 Robert Kieffer
Dual licensed under the MIT and GPL licenses.
*/

jXHR.js:

// jXHR.js (JSON-P XHR)
// v0.1 (c) Kyle Simpson
// MIT License

The two utilities 3d.js and draw.js don't mention specific licenses, but that 'Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:" - those conditions being that the copyright notice is included and some other conditions that we meet.

Anything we need to be concerned about here?

Thanks,

Tim

-----Original Message-----
From: Tim Barham [mailto:Tim.Barham@microsoft.com]
Sent: Wednesday, March 18, 2015 7:18 PM
To: dev@ripple.incubator.apache.org
Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Thanks hugely for your input, Ross.

I just wanted to give an update on where I'm at with this - a while back I started writing some tools to automate some of the packaging stuff (building and signing archives, and some release verification tools based on those used for Cordova). I had put them on the backburner, but decided to revisit them - specifically move them Ripple's existing jake tools, and add some logic to make it easier to create a package appropriate for either for Apache archives or for npm. I hoped to have that wrapped up today, and build and send out a new archive (that included some source folders that are missing in the current archive, and excluded the pkg folder), but I'm not quite there. In order to facilitate moving forward I'll probably just build a new package in the morning rather than waiting until I have these tools integrated with the existing jake build tools.

Regarding RAT - yeah, I ran that at one point early on. I'll run it again tomorrow to verify the results.

Thanks,

Tim

-----Original Message-----
From: Ross Gardler (MS OPEN TECH) [mailto:Ross.Gardler@microsoft.com]
Sent: Tuesday, March 17, 2015 3:40 AM
To: dev@ripple.incubator.apache.org
Subject: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Tim, thank you again for making this happen.

Generally it's good practice to post a [DISCUSS] thread before calling the vote. The Vote should usually be called when it's clear there are no blocking issues (some projects like to post [DISCUSS} and [VOTE] threads at the same time (hence my subject change here).

I don't see any of the issues below as blocking for this release (unless an empty js file is a technical issue). Incubating projects are given more slack than top level projects. They need to be fixed in version control so the next release doesn't have the problem, but no need to re-roll this release in my opinion.

Was RAT run against this codebase? http://creadur.apache.org/rat/

Thanks,
Ross

-----Original Message-----
From: Christian Grobmeier [mailto:grobmeier@apache.org]
Sent: Friday, March 13, 2015 12:16 AM
To: dev@ripple.incubator.apache.org
Subject: Re: [VOTE] Ripple release 0.9.28

I found the following issues:

NOTICE -> 2012 :)

pkg/hosted/ripple.js appears to be empty. Is that correct?

pkg/hosted do not have license headers. It looks like this would generated code, which is uploaded to somewhere? In Java-terms it would be similar to a binary artifact, which also do not have headers. This might come up as an issue. At Apache we are releasing source code first, everything else is just nice. The best and easiest thing would be to just add the header (automatically) to that files. Are there any options?

/assets/server/images/NOTICE: its in a folder where only the logo remains. Is the location intended?
I see a lot of images in /pkg/hosted/images, but no NOTICE there Maybe the included message should just go to the global NOTICE file?

Thanks, i feel we are close :)

Christian

--
  Christian Grobmeier
  http://www.grobmeier.de
  http://www.timeandbill.de

On Tue, Mar 10, 2015, at 15:14, Tim Barham wrote:
> Please review and vote on the release of Ripple 0.9.28.
>
> The package you are voting on is available for review at 
> http://bit.ly/1FZ8meZ. It was published from its corresponding git tag:
>     incubator-ripple: 0.9.28 (1d95fed542)
>
> Since this will be an official Apache release of Ripple (our first!), 
> we must be particularly careful that it complies with all Apache 
> guidelines for an incubator release. As such, before voting +1, please 
> refer to and verify compliance with the checklist at 
> http://incubator.apache.org/guides/releasemanagement.html#check-list.
>
> If anyone has concerns that we don't meet any of these requirements, 
> please don't hesitate to raise them here so we can discuss and make 
> changes if necessary.
>
> If you do give a +1 vote, please include what steps you took in order 
> to be confident in the release.
>
> Please also note from Ross's recent email:
>
> > What we need is three +1 "binding" votes, in reality that means 
> > three IPMC members. Once a project graduates it means three project 
> > management committee members. However, as a mentor (therefore having 
> > a binding vote) I look to the project participants to indicate their 
> > preference and (assuming no blocking issues on an IP check) I'll 
> > always vote in support of the communities non- binding votes.
>
> So please, even though your vote may not be binding, take some time to 
> review the release and vote!
>
> Upon a successful vote, we will arrange for the archive to be uploaded 
> to dist/incubator/ and publish it to NPM.
>
> Thanks, and looking forward to our first official Ripple release!
>
> Tim

Re: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Posted by Tim Barham <Ti...@microsoft.com>.

Christian - I reviewed other Apache projects, and they all included 3rd party license headers in the LICENSE file.

Regarding the NOTICE file - we do have that, and I believe it contains the correct text, and I couldn't find any other NOTICE files in dependencies to add to it.

________________________________________
From: Christian Grobmeier <gr...@apache.org>
Sent: Friday, April 17, 2015 7:37 PM
To: dev@ripple.incubator.apache.org
Subject: Re: [DISCUSS]  Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Hi,

I just run Rat and then found this thread.

> Here are the items (I've indicated the ones I know to be policy with '*',
> the others are practices that I commonly see and encourage but I'm not
> certain they are policy):
>
>   - The LICENSE file should contain the full license of all dependencies
>   * (have clearly stated and linked to licenses when not including the
>   full text)

Are you sure with that? I thought the LICENSE contains our license,
while we note the other licenses in the NOTICE file. Didn't find proof
for my ideas yet.


>   - Where a dependency is available to us under multiple licenses we
>   should state that we are using it under the most permissive license
>   available.

This link is interesting, as it says in the case of jQuery we chose MIT.
https://www.apache.org/legal/resolved.html#category-x
A good think to note int he NOTICE file, see below.

>
>   - The NOTICE file is incomplete, it does not contain references to (for
>   example) dependencies under the Apache Software license which (as per
>   clause 4d) requires mention in the NOTICE * (I have not looked to see
>   if the dependencies have a NOTICE file, if they do not then there is
>   nothing to do here)

I have seen a few people complain much about the NOTICE file. Basically
I would prefer to have that around before moving to the incubator, as it
surely comes up.

Not sure if thats a policy, it reads to me as we should have it:
http://apache.org/legal/src-headers.html#notice

>
> -----Original Message-----
> From: Tim Barham [mailto:Tim.Barham@microsoft.com]
> Sent: Monday, April 6, 2015 8:03 AM
> To: dev@ripple.incubator.apache.org
> Subject: Re: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> Thanks for that info, Ross. Based on that, I'll create a new vote thread
> in the morning referencing the updated package I mentioned below.
>
> Also, I'll add some tools to jake so anyone can run RAT easily (with the
> known exceptions) to validate future releases.
>
> Thanks!
>
> Tim
> ________________________________________
> From: Ross Gardler (MS OPEN TECH) <Ro...@microsoft.com>
> Sent: Friday, April 3, 2015 7:41 AM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS]  Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> With respect to the license headers - they all look fine. Go ahead and
> add those files as exceptions in the RAT configuration so that it passes.
>
> Ross
>
>
>
> -----Original Message-----
> From: Parashuram N (MS OPEN TECH) [mailto:panarasi@microsoft.com]
> Sent: Thursday, April 2, 2015 2:12 PM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> Hi Tim,
>
> I have not looked at this yet. Do we want to bump it up ?
>
> -----Original Message-----
> From: Tim Barham [mailto:Tim.Barham@microsoft.com]
> Sent: Tuesday, March 31, 2015 6:49 AM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> Hi, I just wanted to follow up on this. Has anyone had a chance to look
> at the new package? Also, Ross, I was wondering if you had any feedback
> on the various license headers reported by RAT?
>
> Thanks!
>
> Tim
>
> ________________________________________
> From: Tim Barham [Tim.Barham@microsoft.com]
> Sent: Thursday, March 19, 2015 6:15 PM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS]  Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> Further update:
>
> 1. I've built a new archive that doesn't contain the pkg folder (which is
> the build output), and contains everything else (that was missing in the
> previous archive). This archive was create using 'git archive', so it
> contains all files in our git repository as of tag 0.9.28. Per your point
> Ross that none of the issues should block this release (I verified that
> ripple.js is ok, and also it is not included in the new package since it
> is an output of the build process), I've not made any changes to the
> source.
>
> The new archive can be found here: http://1drv.ms/1BAKsBJ
>
> 2. I ran RAT, and it complained about the following files:
>
>   ./assets/client/themes/dark/theme.css
>   ./assets/client/themes/light/theme.css
>   ./targets/chrome.extension/controllers/jquery.js
>   ./thirdparty/3d.js
>   ./thirdparty/Math.uuid.js
>   ./thirdparty/draw.js
>   ./thirdparty/jXHR.js
>   ./thirdparty/jquery.js
>   ./thirdparty/jquery.tooltip.js
>   ./thirdparty/jquery.ui.js
>
> The various jquery files are, of course, jquery and have headers along
> the lines of:
>
>     /*!
>      * jQuery JavaScript Library v1.6
>      * http://jquery.com/
>      *
>      * Copyright 2011, John Resig
>      * licensed under the MIT
>      * http://jquery.org/license
>      *
>      * Includes Sizzle.js
>      * http://sizzlejs.com/
>      * Copyright 2011, The Dojo Foundation
>      * Released under the MIT, BSD, and GPL Licenses.
>      *
>      * Date: Mon May 2 13:50:00 2011 -0400
>      */
>
> The two theme.css files were built by the jQuery UI CSS Framework, and
> have the following license headers:
>
> /*
> * jQuery UI CSS Framework
> * Copyright (c) 2010 AUTHORS.txt (http://jqueryui.com/about)
> * Dual licensed under the MIT (MIT-LICENSE.txt) and GPL (GPL-LICENSE.txt)
> licenses.
> */
>
> Math.uuid.js and jXHR.js license headers reference the MIT and/or GPL
> licenses.
>
> Math.uuid.js:
>
> /*!
> Math.uuid.js (v1.4)
> http://www.broofa.com
> mailto:robert@broofa.com
>
> Copyright (c) 2010 Robert Kieffer
> Dual licensed under the MIT and GPL licenses.
> */
>
> jXHR.js:
>
> // jXHR.js (JSON-P XHR)
> // v0.1 (c) Kyle Simpson
> // MIT License
>
> The two utilities 3d.js and draw.js don't mention specific licenses, but
> that 'Redistribution and use in source and binary forms, with or without
> modification, are permitted provided that the following conditions are
> met:" - those conditions being that the copyright notice is included and
> some other conditions that we meet.
>
> Anything we need to be concerned about here?
>
> Thanks,
>
> Tim
>
> -----Original Message-----
> From: Tim Barham [mailto:Tim.Barham@microsoft.com]
> Sent: Wednesday, March 18, 2015 7:18 PM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> Thanks hugely for your input, Ross.
>
> I just wanted to give an update on where I'm at with this - a while back
> I started writing some tools to automate some of the packaging stuff
> (building and signing archives, and some release verification tools based
> on those used for Cordova). I had put them on the backburner, but decided
> to revisit them - specifically move them Ripple's existing jake tools,
> and add some logic to make it easier to create a package appropriate for
> either for Apache archives or for npm. I hoped to have that wrapped up
> today, and build and send out a new archive (that included some source
> folders that are missing in the current archive, and excluded the pkg
> folder), but I'm not quite there. In order to facilitate moving forward
> I'll probably just build a new package in the morning rather than waiting
> until I have these tools integrated with the existing jake build tools.
>
> Regarding RAT - yeah, I ran that at one point early on. I'll run it again
> tomorrow to verify the results.
>
> Thanks,
>
> Tim
>
> -----Original Message-----
> From: Ross Gardler (MS OPEN TECH) [mailto:Ross.Gardler@microsoft.com]
> Sent: Tuesday, March 17, 2015 3:40 AM
> To: dev@ripple.incubator.apache.org
> Subject: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28
>
> Tim, thank you again for making this happen.
>
> Generally it's good practice to post a [DISCUSS] thread before calling
> the vote. The Vote should usually be called when it's clear there are no
> blocking issues (some projects like to post [DISCUSS} and [VOTE] threads
> at the same time (hence my subject change here).
>
> I don't see any of the issues below as blocking for this release (unless
> an empty js file is a technical issue). Incubating projects are given
> more slack than top level projects. They need to be fixed in version
> control so the next release doesn't have the problem, but no need to
> re-roll this release in my opinion.
>
> Was RAT run against this codebase? http://creadur.apache.org/rat/
>
> Thanks,
> Ross
>
> -----Original Message-----
> From: Christian Grobmeier [mailto:grobmeier@apache.org]
> Sent: Friday, March 13, 2015 12:16 AM
> To: dev@ripple.incubator.apache.org
> Subject: Re: [VOTE] Ripple release 0.9.28
>
> I found the following issues:
>
> NOTICE -> 2012 :)
>
> pkg/hosted/ripple.js appears to be empty. Is that correct?
>
> pkg/hosted do not have license headers. It looks like this would
> generated code, which is uploaded to somewhere? In Java-terms it would be
> similar to a binary artifact, which also do not have headers. This might
> come up as an issue. At Apache we are releasing source code first,
> everything else is just nice. The best and easiest thing would be to just
> add the header (automatically) to that files. Are there any options?
>
> /assets/server/images/NOTICE: its in a folder where only the logo
> remains. Is the location intended?
> I see a lot of images in /pkg/hosted/images, but no NOTICE there Maybe
> the included message should just go to the global NOTICE file?
>
> Thanks, i feel we are close :)
>
> Christian
>
> --
>   Christian Grobmeier
>   http://www.grobmeier.de
>   http://www.timeandbill.de
>
> On Tue, Mar 10, 2015, at 15:14, Tim Barham wrote:
> > Please review and vote on the release of Ripple 0.9.28.
> >
> > The package you are voting on is available for review at
> > http://bit.ly/1FZ8meZ. It was published from its corresponding git tag:
> >     incubator-ripple: 0.9.28 (1d95fed542)
> >
> > Since this will be an official Apache release of Ripple (our first!),
> > we must be particularly careful that it complies with all Apache
> > guidelines for an incubator release. As such, before voting +1, please
> > refer to and verify compliance with the checklist at
> > http://incubator.apache.org/guides/releasemanagement.html#check-list.
> >
> > If anyone has concerns that we don't meet any of these requirements,
> > please don't hesitate to raise them here so we can discuss and make
> > changes if necessary.
> >
> > If you do give a +1 vote, please include what steps you took in order
> > to be confident in the release.
> >
> > Please also note from Ross's recent email:
> >
> > > What we need is three +1 "binding" votes, in reality that means
> > > three IPMC members. Once a project graduates it means three project
> > > management committee members. However, as a mentor (therefore having
> > > a binding vote) I look to the project participants to indicate their
> > > preference and (assuming no blocking issues on an IP check) I'll
> > > always vote in support of the communities non- binding votes.
> >
> > So please, even though your vote may not be binding, take some time to
> > review the release and vote!
> >
> > Upon a successful vote, we will arrange for the archive to be uploaded
> > to dist/incubator/ and publish it to NPM.
> >
> > Thanks, and looking forward to our first official Ripple release!
> >
> > Tim