You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@incubator.apache.org by Lionel Liu <li...@apache.org> on 2018/04/10 02:14:46 UTC
[VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Hi all,
The Apache Griffin community has voted on and approved a proposal to
release Apache Griffin 0.2.0-rc3.
We now kindly request that the Incubator PMC members review and vote on
this incubator release candidate.
Apache Griffin is data quality service for modern data system, it
defines a standard process to define, measure data quality for well-known
dimensions. With Apache Griffin, users will be able to quickly define their
data quality requirements and then get the result in near real time in
systematical approach.
Griffin vote thread
https://lists.apache.org/thread.html/c9c9dd2cbea2d479625cd2a2c8234541022c60f35f423ceb150d7ecb@%3Cdev.griffin.apache.org%3E
Griffin vote result thread
https://lists.apache.org/thread.html/bc1b2a436119d91c4cf1175a80d6fd4e4b084749c9e6e259817144be@%3Cdev.griffin.apache.org%3E
The source tarball, including signatures, digests, etc. can be found at:
https://dist.apache.org/repos/dist/dev/incubator/griffin/0.2.0-incubating
The tag to be voted upon is 0.2.0-incubating:
https://git-wip-us.apache.org/repos/asf?p=incubator-griffin.git;a=shortlog;h=refs/tags/griffin-0.2.0-incubating
The release hash is :
https://git-wip-us.apache.org/repos/asf?p=incubator-griffin.git;a=commit;h=70419c4f4ec01dd70815d9480ab596b320fa5e2a
The Nexus Staging URL:
https://repository.apache.org/content/repositories/orgapachegriffin-1013
Release artifacts are signed with the following key:
7F00C3BA90F3ECAEECB843A79BD6EC6C02379561
KEYS file available:
https://dist.apache.org/repos/dist/dev/incubator/griffin/KEYS
For information about the contents of this release, see:
https://dist.apache.org/repos/dist/dev/incubator/griffin/0.2.0-incubating/CHANGES.txt
Please download the release candidate and evaluate the necessary items
including checking hashes, signatures, build from source, run and test.
Please vote on releasing this package as Apache Griffin 0.2.0-incubating
The vote will be open for 72 hours.
[ ] +1 Release this package as Apache Griffin 0.2.0-incubating
[ ] +0 no opinion
[ ] -1 Do not release this package because ...
Thanks,
Lionel
on behalf of Apache Griffin PPMC
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by William Guo <gu...@apache.org>.
hi guys,
We need your help to verify our release,
Could you please spend some time to vote for us if you are free at the
moment.
Thanks,
William
On Thu, Apr 12, 2018 at 1:07 AM, Matt Sicker <bo...@gmail.com> wrote:
> * Signatures ok
> * Disclaimer, notice, license ok
> - As an aside, I like the formatting used in the license file.
> * Not exactly sure why you distribute the KEYS file with your sources, but
> it's not a problem. Keys inside the artifact can't be used to verify the
> artifact.
> * Rat check ok
> * Builds/tests ok
>
> +1
>
> I'll note that I was initially confused by your license file as none of the
> projects mentioned in it are bundled in the source distribution, but I see
> the service jar does bundle all dependencies where said license file would
> be relevant.
>
> On 10 April 2018 at 00:53, William Guo <gu...@apache.org> wrote:
>
> > +1
> >
> >
> > rat passed.
> >
> > sha1 checked.
> >
> > all GPL are dual licensed either CDDL or 'Apache License version 2.0'
> >
> > Checked all suspicious license, looks good.
> >
> >
> >
> > Thanks,
> > William
> >
> >
> > On Tue, Apr 10, 2018 at 10:14 AM, Lionel Liu <li...@apache.org>
> wrote:
> >
> > > Hi all,
> > > The Apache Griffin community has voted on and approved a proposal
> to
> > > release Apache Griffin 0.2.0-rc3.
> > > We now kindly request that the Incubator PMC members review and
> vote
> > on
> > > this incubator release candidate.
> > >
> > > Apache Griffin is data quality service for modern data system, it
> > > defines a standard process to define, measure data quality for
> well-known
> > > dimensions. With Apache Griffin, users will be able to quickly define
> > their
> > > data quality requirements and then get the result in near real time in
> > > systematical approach.
> > >
> > >
> > > Griffin vote thread
> > >
> > > https://lists.apache.org/thread.html/c9c9dd2cbea2d479625cd2a2c82345
> > > 41022c60f35f423ceb150d7ecb@%3Cdev.griffin.apache.org%3E
> > > Griffin vote result thread
> > >
> > > https://lists.apache.org/thread.html/bc1b2a436119d91c4cf1175a80d6fd
> > > 4e4b084749c9e6e259817144be@%3Cdev.griffin.apache.org%3E
> > >
> > > The source tarball, including signatures, digests, etc. can be
> found
> > > at:
> > >
> > > https://dist.apache.org/repos/dist/dev/incubator/griffin/0.
> > 2.0-incubating
> > >
> > > The tag to be voted upon is 0.2.0-incubating:
> > >
> > > https://git-wip-us.apache.org/repos/asf?p=incubator-griffin.
> > > git;a=shortlog;h=refs/tags/griffin-0.2.0-incubating
> > >
> > > The release hash is :
> > >
> > > https://git-wip-us.apache.org/repos/asf?p=incubator-griffin.
> > > git;a=commit;h=70419c4f4ec01dd70815d9480ab596b320fa5e2a
> > >
> > > The Nexus Staging URL:
> > > https://repository.apache.org/content/repositories/
> > > orgapachegriffin-1013
> > >
> > > Release artifacts are signed with the following key:
> > > 7F00C3BA90F3ECAEECB843A79BD6EC6C02379561
> > >
> > > KEYS file available:
> > > https://dist.apache.org/repos/dist/dev/incubator/griffin/KEYS
> > >
> > > For information about the contents of this release, see:
> > >
> > > https://dist.apache.org/repos/dist/dev/incubator/griffin/0.
> > > 2.0-incubating/CHANGES.txt
> > >
> > >
> > > Please download the release candidate and evaluate the necessary
> > items
> > > including checking hashes, signatures, build from source, run and test.
> > > Please vote on releasing this package as Apache Griffin
> > > 0.2.0-incubating
> > > The vote will be open for 72 hours.
> > > [ ] +1 Release this package as Apache Griffin 0.2.0-incubating
> > > [ ] +0 no opinion
> > > [ ] -1 Do not release this package because ...
> > >
> > >
> > > Thanks,
> > > Lionel
> > > on behalf of Apache Griffin PPMC
> > >
> >
>
>
>
> --
> Matt Sicker <bo...@gmail.com>
>
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by William Guo <gu...@apache.org>.
hi guys,
We need your help to verify our release,
Could you please spend some time to vote for us if you are free at the
moment.
Thanks,
William
On Thu, Apr 12, 2018 at 1:07 AM, Matt Sicker <bo...@gmail.com> wrote:
> * Signatures ok
> * Disclaimer, notice, license ok
> - As an aside, I like the formatting used in the license file.
> * Not exactly sure why you distribute the KEYS file with your sources, but
> it's not a problem. Keys inside the artifact can't be used to verify the
> artifact.
> * Rat check ok
> * Builds/tests ok
>
> +1
>
> I'll note that I was initially confused by your license file as none of the
> projects mentioned in it are bundled in the source distribution, but I see
> the service jar does bundle all dependencies where said license file would
> be relevant.
>
> On 10 April 2018 at 00:53, William Guo <gu...@apache.org> wrote:
>
> > +1
> >
> >
> > rat passed.
> >
> > sha1 checked.
> >
> > all GPL are dual licensed either CDDL or 'Apache License version 2.0'
> >
> > Checked all suspicious license, looks good.
> >
> >
> >
> > Thanks,
> > William
> >
> >
> > On Tue, Apr 10, 2018 at 10:14 AM, Lionel Liu <li...@apache.org>
> wrote:
> >
> > > Hi all,
> > > The Apache Griffin community has voted on and approved a proposal
> to
> > > release Apache Griffin 0.2.0-rc3.
> > > We now kindly request that the Incubator PMC members review and
> vote
> > on
> > > this incubator release candidate.
> > >
> > > Apache Griffin is data quality service for modern data system, it
> > > defines a standard process to define, measure data quality for
> well-known
> > > dimensions. With Apache Griffin, users will be able to quickly define
> > their
> > > data quality requirements and then get the result in near real time in
> > > systematical approach.
> > >
> > >
> > > Griffin vote thread
> > >
> > > https://lists.apache.org/thread.html/c9c9dd2cbea2d479625cd2a2c82345
> > > 41022c60f35f423ceb150d7ecb@%3Cdev.griffin.apache.org%3E
> > > Griffin vote result thread
> > >
> > > https://lists.apache.org/thread.html/bc1b2a436119d91c4cf1175a80d6fd
> > > 4e4b084749c9e6e259817144be@%3Cdev.griffin.apache.org%3E
> > >
> > > The source tarball, including signatures, digests, etc. can be
> found
> > > at:
> > >
> > > https://dist.apache.org/repos/dist/dev/incubator/griffin/0.
> > 2.0-incubating
> > >
> > > The tag to be voted upon is 0.2.0-incubating:
> > >
> > > https://git-wip-us.apache.org/repos/asf?p=incubator-griffin.
> > > git;a=shortlog;h=refs/tags/griffin-0.2.0-incubating
> > >
> > > The release hash is :
> > >
> > > https://git-wip-us.apache.org/repos/asf?p=incubator-griffin.
> > > git;a=commit;h=70419c4f4ec01dd70815d9480ab596b320fa5e2a
> > >
> > > The Nexus Staging URL:
> > > https://repository.apache.org/content/repositories/
> > > orgapachegriffin-1013
> > >
> > > Release artifacts are signed with the following key:
> > > 7F00C3BA90F3ECAEECB843A79BD6EC6C02379561
> > >
> > > KEYS file available:
> > > https://dist.apache.org/repos/dist/dev/incubator/griffin/KEYS
> > >
> > > For information about the contents of this release, see:
> > >
> > > https://dist.apache.org/repos/dist/dev/incubator/griffin/0.
> > > 2.0-incubating/CHANGES.txt
> > >
> > >
> > > Please download the release candidate and evaluate the necessary
> > items
> > > including checking hashes, signatures, build from source, run and test.
> > > Please vote on releasing this package as Apache Griffin
> > > 0.2.0-incubating
> > > The vote will be open for 72 hours.
> > > [ ] +1 Release this package as Apache Griffin 0.2.0-incubating
> > > [ ] +0 no opinion
> > > [ ] -1 Do not release this package because ...
> > >
> > >
> > > Thanks,
> > > Lionel
> > > on behalf of Apache Griffin PPMC
> > >
> >
>
>
>
> --
> Matt Sicker <bo...@gmail.com>
>
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by Matt Sicker <bo...@gmail.com>.
* Signatures ok
* Disclaimer, notice, license ok
- As an aside, I like the formatting used in the license file.
* Not exactly sure why you distribute the KEYS file with your sources, but
it's not a problem. Keys inside the artifact can't be used to verify the
artifact.
* Rat check ok
* Builds/tests ok
+1
I'll note that I was initially confused by your license file as none of the
projects mentioned in it are bundled in the source distribution, but I see
the service jar does bundle all dependencies where said license file would
be relevant.
On 10 April 2018 at 00:53, William Guo <gu...@apache.org> wrote:
> +1
>
>
> rat passed.
>
> sha1 checked.
>
> all GPL are dual licensed either CDDL or 'Apache License version 2.0'
>
> Checked all suspicious license, looks good.
>
>
>
> Thanks,
> William
>
>
> On Tue, Apr 10, 2018 at 10:14 AM, Lionel Liu <li...@apache.org> wrote:
>
> > Hi all,
> > The Apache Griffin community has voted on and approved a proposal to
> > release Apache Griffin 0.2.0-rc3.
> > We now kindly request that the Incubator PMC members review and vote
> on
> > this incubator release candidate.
> >
> > Apache Griffin is data quality service for modern data system, it
> > defines a standard process to define, measure data quality for well-known
> > dimensions. With Apache Griffin, users will be able to quickly define
> their
> > data quality requirements and then get the result in near real time in
> > systematical approach.
> >
> >
> > Griffin vote thread
> >
> > https://lists.apache.org/thread.html/c9c9dd2cbea2d479625cd2a2c82345
> > 41022c60f35f423ceb150d7ecb@%3Cdev.griffin.apache.org%3E
> > Griffin vote result thread
> >
> > https://lists.apache.org/thread.html/bc1b2a436119d91c4cf1175a80d6fd
> > 4e4b084749c9e6e259817144be@%3Cdev.griffin.apache.org%3E
> >
> > The source tarball, including signatures, digests, etc. can be found
> > at:
> >
> > https://dist.apache.org/repos/dist/dev/incubator/griffin/0.
> 2.0-incubating
> >
> > The tag to be voted upon is 0.2.0-incubating:
> >
> > https://git-wip-us.apache.org/repos/asf?p=incubator-griffin.
> > git;a=shortlog;h=refs/tags/griffin-0.2.0-incubating
> >
> > The release hash is :
> >
> > https://git-wip-us.apache.org/repos/asf?p=incubator-griffin.
> > git;a=commit;h=70419c4f4ec01dd70815d9480ab596b320fa5e2a
> >
> > The Nexus Staging URL:
> > https://repository.apache.org/content/repositories/
> > orgapachegriffin-1013
> >
> > Release artifacts are signed with the following key:
> > 7F00C3BA90F3ECAEECB843A79BD6EC6C02379561
> >
> > KEYS file available:
> > https://dist.apache.org/repos/dist/dev/incubator/griffin/KEYS
> >
> > For information about the contents of this release, see:
> >
> > https://dist.apache.org/repos/dist/dev/incubator/griffin/0.
> > 2.0-incubating/CHANGES.txt
> >
> >
> > Please download the release candidate and evaluate the necessary
> items
> > including checking hashes, signatures, build from source, run and test.
> > Please vote on releasing this package as Apache Griffin
> > 0.2.0-incubating
> > The vote will be open for 72 hours.
> > [ ] +1 Release this package as Apache Griffin 0.2.0-incubating
> > [ ] +0 no opinion
> > [ ] -1 Do not release this package because ...
> >
> >
> > Thanks,
> > Lionel
> > on behalf of Apache Griffin PPMC
> >
>
--
Matt Sicker <bo...@gmail.com>
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by William Guo <gu...@apache.org>.
Hi Dave,
For those GPL+CDDL dependencies, we are not packaging them in source
release.
Thanks,
William
On Fri, Apr 13, 2018 at 7:31 AM, Dave Fisher <da...@comcast.net> wrote:
>
> On Apr 9, 2018, at 10:53 PM, William Guo <gu...@apache.org> wrote:
>
> +1
>
>
> rat passed.
>
> sha1 checked.
>
> all GPL are dual licensed either CDDL or 'Apache License version 2.0’
>
>
> Please see https://www.apache.org/legal/resolved.html
>
> Is the GPL that is dual licensed CDDL included as an optional binary or is
> it source code?
>
> Regards,
> Dave
>
>
>
> Checked all suspicious license, looks good.
>
>
>
> Thanks,
> William
>
>
> On Tue, Apr 10, 2018 at 10:14 AM, Lionel Liu <li...@apache.org> wrote:
>
> Hi all,
> The Apache Griffin community has voted on and approved a proposal to
> release Apache Griffin 0.2.0-rc3.
> We now kindly request that the Incubator PMC members review and vote on
> this incubator release candidate.
>
> Apache Griffin is data quality service for modern data system, it
> defines a standard process to define, measure data quality for well-known
> dimensions. With Apache Griffin, users will be able to quickly define their
> data quality requirements and then get the result in near real time in
> systematical approach.
>
>
> Griffin vote thread
>
> https://lists.apache.org/thread.html/c9c9dd2cbea2d479625cd2a2c82345
> 41022c60f35f423ceb150d7ecb@%3Cdev.griffin.apache.org%3E
> Griffin vote result thread
>
> https://lists.apache.org/thread.html/bc1b2a436119d91c4cf1175a80d6fd
> 4e4b084749c9e6e259817144be@%3Cdev.griffin.apache.org%3E
>
> The source tarball, including signatures, digests, etc. can be found
> at:
>
> https://dist.apache.org/repos/dist/dev/incubator/griffin/0.2.0-incubating
>
> The tag to be voted upon is 0.2.0-incubating:
>
> https://git-wip-us.apache.org/repos/asf?p=incubator-griffin.
> git;a=shortlog;h=refs/tags/griffin-0.2.0-incubating
>
> The release hash is :
>
> https://git-wip-us.apache.org/repos/asf?p=incubator-griffin.
> git;a=commit;h=70419c4f4ec01dd70815d9480ab596b320fa5e2a
>
> The Nexus Staging URL:
> https://repository.apache.org/content/repositories/
> orgapachegriffin-1013
>
> Release artifacts are signed with the following key:
> 7F00C3BA90F3ECAEECB843A79BD6EC6C02379561
>
> KEYS file available:
> https://dist.apache.org/repos/dist/dev/incubator/griffin/KEYS
>
> For information about the contents of this release, see:
>
> https://dist.apache.org/repos/dist/dev/incubator/griffin/0.
> 2.0-incubating/CHANGES.txt
>
>
> Please download the release candidate and evaluate the necessary items
> including checking hashes, signatures, build from source, run and test.
> Please vote on releasing this package as Apache Griffin
> 0.2.0-incubating
> The vote will be open for 72 hours.
> [ ] +1 Release this package as Apache Griffin 0.2.0-incubating
> [ ] +0 no opinion
> [ ] -1 Do not release this package because ...
>
>
> Thanks,
> Lionel
> on behalf of Apache Griffin PPMC
>
>
>
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by William Guo <gu...@apache.org>.
Thanks for your inputs.
ok, we will go through and check our license.
Thanks,
William
On Fri, Apr 13, 2018 at 7:53 AM, Matt Sicker <bo...@gmail.com> wrote:
> On 12 April 2018 at 18:49, Justin Mclean <ju...@classsoftware.com> wrote:
>
> > The source LICENSE mentions:
> > - JSON licensed software - this is category X and can’t be dependancy
> even
> > if it is not included in the source release. [1]
> > - CDDL and EPL license software there are category B and cannot be
> > included in a source release. [2]
> >
>
> These are binary dependencies only. I believe their license file in the
> source distribution is incorrect.
>
>
> > Only things that are actually bundled in the release should be mentioned
> > in LICENSE. [3][4]
> >
>
> With this issue, I'm switching to -1 as well.
>
>
> --
> Matt Sicker <bo...@gmail.com>
>
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by Matt Sicker <bo...@gmail.com>.
On 12 April 2018 at 18:49, Justin Mclean <ju...@classsoftware.com> wrote:
> The source LICENSE mentions:
> - JSON licensed software - this is category X and can’t be dependancy even
> if it is not included in the source release. [1]
> - CDDL and EPL license software there are category B and cannot be
> included in a source release. [2]
>
These are binary dependencies only. I believe their license file in the
source distribution is incorrect.
> Only things that are actually bundled in the release should be mentioned
> in LICENSE. [3][4]
>
With this issue, I'm switching to -1 as well.
--
Matt Sicker <bo...@gmail.com>
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
> I reviewed this JSON license we've mentioned in license file: (The JSON License) JSON in Java (org.json:json:20140107 - https://github.com/douglascrockford/JSON-java <https://github.com/douglascrockford/JSON-java>)
> It is transitive dependency from org.apache.hive:hive-metastore:jar:1.2.1 (The Apache Software License, Version 2.0), we use hive metastore APIs and mentioned in pom.xml, but did not use org.json libraries directly. And it is bundled after built in runtime.
> - I also checked license file of hive, it announced JSON license for org.json library. (https://github.com/apache/hive/blob/release-1.2.1/LICENSE#L308 <https://github.com/apache/hive/blob/release-1.2.1/LICENSE#L308>)
JSON license was made a category X license a year or two ago. [1] [2] ALv2 content depends on something with a category X license unless it’s optional or for some build tools. [3] PMC’s were given some time to comply with this and perhaps a more recent version of Hive does?
> For those CDDL and EPL licenses dependencies, we also just need them in runtime.
And being category B that would be fine but they shouldn’t be mentioned in the source license. [4] The license file for the source release and the binary is likely to be different.
> The dependencies are not bundled in the source code, so we don't need to announce any dependencies' licenses in source release?
Correct.
Thanks,
Justin
1. http://www.apache.org/legal/resolved.html#json
2. https://lists.apache.org/thread.html/195d6e14bbcfcbb8d0a90492a81b311efaa5d6d15bc81b239a32dcb7@%3Cgeneral.incubator.apache.org%3E
3. https://www.apache.org/legal/resolved.html#prohibited
4. http://www.apache.org/dev/licensing-howto.html#binary
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by Lionel Liu <li...@apache.org>.
Thanks Justin and Matt, then we'll clean up the unbundled dependencies'
licenses for our source release.
Thanks,
Lionel
On Fri, Apr 13, 2018 at 1:09 PM, Matt Sicker <bo...@gmail.com> wrote:
> On 12 April 2018 at 22:43, Lionel Liu <li...@apache.org> wrote:
> >
> > 2. Only things that are actually bundled in the release should be
> mentioned
> > in LICENSE. [3][4]
> >
> > To my understanding, as a source release, all the dependencies are
> bundled
> > when it is built.
> > The dependencies are not bundled in the source code, so we don't need to
> > announce any dependencies' licenses in source release?
> >
>
> The idea here is that the LICENSE file only needs to include licenses for
> anything that is included in that archive file. So for instance, if you
> have source files that are all developed at Apache and have dependencies
> that aren't included in the source zip, then you have the most simple
> distribution possible here. If you have source files that are licensed
> differently (e.g., copied code from an MIT licensed library), then things
> start to get complicated. As it is, your source license and notice should
> be relatively minimal right now since you're not bundling external
> dependencies in said source distribution.
>
> As for the JSON licensing issue, just take a look at the license. It says
> it can't be used for evil. While amusing, that's a terrible restriction to
> place on end users because it's extremely vague and violates the tenants of
> free software.
>
> --
> Matt Sicker <bo...@gmail.com>
>
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by Matt Sicker <bo...@gmail.com>.
On Sun, Apr 15, 2018 at 07:39, William Guo <gu...@apache.org> wrote:
> that means if we cannot have category X dependencies in our source release,
> but for category B, since we don't bundled in our source release, so it is
> fine.
That’s correct.
>
> Correct me if I am wrong.
>
> Thanks,
> William
>
> On Fri, Apr 13, 2018 at 11:58 PM, Matt Sicker <bo...@gmail.com> wrote:
>
> > On 13 April 2018 at 03:37, Willem Jiang <wi...@gmail.com> wrote:
> >
> > > Hi Matt,
> > >
> > > I just have different idea about your your explanation.
> > >
> > > If my code has the compile dependency of the JSON library, as the JSON
> > > library code is not bundled in the source code.
> > > I don't think we should add the License of JSON library into my License
> > > file.
> > >
> >
> > Right. The source license file only applies to the source code that you
> > directly include in the distribution artifact. Hence why the binaries
> here
> > have a different license because they embed several 3rd party
> dependencies
> > with different licenses or notices to include. Some licenses have
> different
> > rules regarding source distribution versus binary distribution (these
> > generally revolve around where and how to attribute the copyright
> holders).
> >
> >
> > > If we use the LGPL license jar library in the test.
> > > As this LGPL jar is not bundled in our source or binary release. we
> don't
> > > need to update our License and Notice file for it.
> > >
> >
> > That's my understanding. Essentially, any components that depend on LGPL
> > code or similar need to be optional.
> >
> > As for license categories (which is relevant to this discussion in
> > general), category A are all good for source and binary distribution,
> > category B licenses can generally be used in binary distributions but not
> > source distributions, and category X licenses cannot be included in
> source
> > or binary distributions. Category X licensed software can be used in
> > limited cases, but it can't be required for using the software. For
> > example, maybe you have a component that integrates with some GPL
> component
> > upstream. Provided you were legally able to write your component under
> ALv2
> > in the first place, then said component could be distributed as an
> optional
> > component with instructions on installing the third party software. <
> > https://www.apache.org/legal/resolved.html#optional>
> >
> >
> > --
> > Matt Sicker <bo...@gmail.com>
> >
>
--
Matt Sicker <bo...@gmail.com>
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by William Guo <gu...@apache.org>.
that means if we cannot have category X dependencies in our source release,
but for category B, since we don't bundled in our source release, so it is
fine.
Correct me if I am wrong.
Thanks,
William
On Fri, Apr 13, 2018 at 11:58 PM, Matt Sicker <bo...@gmail.com> wrote:
> On 13 April 2018 at 03:37, Willem Jiang <wi...@gmail.com> wrote:
>
> > Hi Matt,
> >
> > I just have different idea about your your explanation.
> >
> > If my code has the compile dependency of the JSON library, as the JSON
> > library code is not bundled in the source code.
> > I don't think we should add the License of JSON library into my License
> > file.
> >
>
> Right. The source license file only applies to the source code that you
> directly include in the distribution artifact. Hence why the binaries here
> have a different license because they embed several 3rd party dependencies
> with different licenses or notices to include. Some licenses have different
> rules regarding source distribution versus binary distribution (these
> generally revolve around where and how to attribute the copyright holders).
>
>
> > If we use the LGPL license jar library in the test.
> > As this LGPL jar is not bundled in our source or binary release. we don't
> > need to update our License and Notice file for it.
> >
>
> That's my understanding. Essentially, any components that depend on LGPL
> code or similar need to be optional.
>
> As for license categories (which is relevant to this discussion in
> general), category A are all good for source and binary distribution,
> category B licenses can generally be used in binary distributions but not
> source distributions, and category X licenses cannot be included in source
> or binary distributions. Category X licensed software can be used in
> limited cases, but it can't be required for using the software. For
> example, maybe you have a component that integrates with some GPL component
> upstream. Provided you were legally able to write your component under ALv2
> in the first place, then said component could be distributed as an optional
> component with instructions on installing the third party software. <
> https://www.apache.org/legal/resolved.html#optional>
>
>
> --
> Matt Sicker <bo...@gmail.com>
>
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by Matt Sicker <bo...@gmail.com>.
On 13 April 2018 at 03:37, Willem Jiang <wi...@gmail.com> wrote:
> Hi Matt,
>
> I just have different idea about your your explanation.
>
> If my code has the compile dependency of the JSON library, as the JSON
> library code is not bundled in the source code.
> I don't think we should add the License of JSON library into my License
> file.
>
Right. The source license file only applies to the source code that you
directly include in the distribution artifact. Hence why the binaries here
have a different license because they embed several 3rd party dependencies
with different licenses or notices to include. Some licenses have different
rules regarding source distribution versus binary distribution (these
generally revolve around where and how to attribute the copyright holders).
> If we use the LGPL license jar library in the test.
> As this LGPL jar is not bundled in our source or binary release. we don't
> need to update our License and Notice file for it.
>
That's my understanding. Essentially, any components that depend on LGPL
code or similar need to be optional.
As for license categories (which is relevant to this discussion in
general), category A are all good for source and binary distribution,
category B licenses can generally be used in binary distributions but not
source distributions, and category X licenses cannot be included in source
or binary distributions. Category X licensed software can be used in
limited cases, but it can't be required for using the software. For
example, maybe you have a component that integrates with some GPL component
upstream. Provided you were legally able to write your component under ALv2
in the first place, then said component could be distributed as an optional
component with instructions on installing the third party software. <
https://www.apache.org/legal/resolved.html#optional>
--
Matt Sicker <bo...@gmail.com>
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by Willem Jiang <wi...@gmail.com>.
Hi Matt,
I just have different idea about your your explanation.
If my code has the compile dependency of the JSON library, as the JSON
library code is not bundled in the source code.
I don't think we should add the License of JSON library into my License
file.
If we use the LGPL license jar library in the test.
As this LGPL jar is not bundled in our source or binary release. we don't
need to update our License and Notice file for it.
Please correct me if I'm wrong about it.
Willem Jiang
Blog: http://willemjiang.blogspot.com (English)
http://jnn.iteye.com (Chinese)
Twitter: willemjiang
Weibo: 姜宁willem
On Fri, Apr 13, 2018 at 1:09 PM, Matt Sicker <bo...@gmail.com> wrote:
> On 12 April 2018 at 22:43, Lionel Liu <li...@apache.org> wrote:
> >
> > 2. Only things that are actually bundled in the release should be
> mentioned
> > in LICENSE. [3][4]
> >
> > To my understanding, as a source release, all the dependencies are
> bundled
> > when it is built.
> > The dependencies are not bundled in the source code, so we don't need to
> > announce any dependencies' licenses in source release?
> >
>
> The idea here is that the LICENSE file only needs to include licenses for
> anything that is included in that archive file. So for instance, if you
> have source files that are all developed at Apache and have dependencies
> that aren't included in the source zip, then you have the most simple
> distribution possible here. If you have source files that are licensed
> differently (e.g., copied code from an MIT licensed library), then things
> start to get complicated. As it is, your source license and notice should
> be relatively minimal right now since you're not bundling external
> dependencies in said source distribution.
>
> As for the JSON licensing issue, just take a look at the license. It says
> it can't be used for evil. While amusing, that's a terrible restriction to
> place on end users because it's extremely vague and violates the tenants of
> free software.
>
> --
> Matt Sicker <bo...@gmail.com>
>
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by Matt Sicker <bo...@gmail.com>.
On 12 April 2018 at 22:43, Lionel Liu <li...@apache.org> wrote:
>
> 2. Only things that are actually bundled in the release should be mentioned
> in LICENSE. [3][4]
>
> To my understanding, as a source release, all the dependencies are bundled
> when it is built.
> The dependencies are not bundled in the source code, so we don't need to
> announce any dependencies' licenses in source release?
>
The idea here is that the LICENSE file only needs to include licenses for
anything that is included in that archive file. So for instance, if you
have source files that are all developed at Apache and have dependencies
that aren't included in the source zip, then you have the most simple
distribution possible here. If you have source files that are licensed
differently (e.g., copied code from an MIT licensed library), then things
start to get complicated. As it is, your source license and notice should
be relatively minimal right now since you're not bundling external
dependencies in said source distribution.
As for the JSON licensing issue, just take a look at the license. It says
it can't be used for evil. While amusing, that's a terrible restriction to
place on end users because it's extremely vague and violates the tenants of
free software.
--
Matt Sicker <bo...@gmail.com>
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by Lionel Liu <li...@apache.org>.
Hi Justin,
Thanks a lot for your review, I have some questions:
1. The source LICENSE mentions:
- JSON licensed software - this is category X and can’t be dependancy even
if it is not included in the source release. [1]
- CDDL and EPL license software there are category B and cannot be included
in a source release. [2]
I reviewed this JSON license we've mentioned in license file: (The JSON
License) JSON in Java (org.json:json:20140107 -
https://github.com/douglascrockford/JSON-java)
It is transitive dependency from org.apache.hive:hive-metastore:jar:1.2.1
(The Apache Software License, Version 2.0), we use hive metastore APIs and
mentioned in pom.xml, but did not use org.json libraries directly. And it
is bundled after built in runtime.
- I also checked license file of hive, it announced JSON license for
org.json library. (
https://github.com/apache/hive/blob/release-1.2.1/LICENSE#L308)
For those CDDL and EPL licenses dependencies, we also just need them in
runtime.
2. Only things that are actually bundled in the release should be mentioned
in LICENSE. [3][4]
To my understanding, as a source release, all the dependencies are bundled
when it is built.
The dependencies are not bundled in the source code, so we don't need to
announce any dependencies' licenses in source release?
Actually, in the Griffin-0.2.0-incubating [RC1] release vote process, we've
receive an email from John D. Ament:
-----
On mine I get 3 files failing
Unapproved licenses:
DEPENDENCIES
griffin-doc/service/postman/griffin.json
griffin-doc/service/postman/griffin_environment.json
Doing what I assume is the same thing as Matt (mvn apache-rat:check from
the source release folder) . In addition to what he's noted, the year in
your NOTICE file should be updated to 2018. The resulting output files
need a little bit of work:
- measure's JAR shows the notice for Avro. It also packs in additional
dependencies that are not apache licensed (they're all Cat B so they're
fine). In the next release, please create dedicated NOTICE and LICENSE
files for this JAR.
- Similar issues exist in the service JAR, where the spring boot JAR
includes many other dependencies, some of which carry their own NOTICE
(Jackson, Tomcat) or other licenses. What's harder is that you're using
Hibernate, which is an LGPL Cat-X dependency and cannot be included in the
JAR. This is going to have to come out.
- The resulting output from your UI build should have licenses in place for
font awesome, glyphicons. I'm not sure whats in your vendor.min.js but
based on your node_modules you may need to call out additional
license/notice contents.
Sorry, but -1.
-----
In the comments, we also did not bundle any dependencies in source code,
they are just bundled after built.
It seems like we should announce the licenses of dependencies in built
jars, even if we only released the source code package.
*Now I'm confused about this, would you give me some suggestions? *
Thanks,
Lionel
On Fri, Apr 13, 2018 at 7:49 AM, Justin Mclean <ju...@classsoftware.com>
wrote:
> Hi,
>
> -1 binding
>
> The source LICENSE mentions:
> - JSON licensed software - this is category X and can’t be dependancy even
> if it is not included in the source release. [1]
> - CDDL and EPL license software there are category B and cannot be
> included in a source release. [2]
>
> Only things that are actually bundled in the release should be mentioned
> in LICENSE. [3][4]
>
> Thanks,
> Justin
>
> 1. https://www.apache.org/legal/resolved.html#category-x
> 2. https://www.apache.org/legal/resolved.html#category-b
> 3. http://www.apache.org/dev/licensing-howto.html#guiding-principle
> 4 http://www.apache.org/dev/licensing-howto.html#bundled-vs-non-bundled
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
-1 binding
The source LICENSE mentions:
- JSON licensed software - this is category X and can’t be dependancy even if it is not included in the source release. [1]
- CDDL and EPL license software there are category B and cannot be included in a source release. [2]
Only things that are actually bundled in the release should be mentioned in LICENSE. [3][4]
Thanks,
Justin
1. https://www.apache.org/legal/resolved.html#category-x
2. https://www.apache.org/legal/resolved.html#category-b
3. http://www.apache.org/dev/licensing-howto.html#guiding-principle
4 http://www.apache.org/dev/licensing-howto.html#bundled-vs-non-bundled
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by Dave Fisher <da...@comcast.net>.
> On Apr 9, 2018, at 10:53 PM, William Guo <gu...@apache.org> wrote:
>
> +1
>
>
> rat passed.
>
> sha1 checked.
>
> all GPL are dual licensed either CDDL or 'Apache License version 2.0’
Please see https://www.apache.org/legal/resolved.html <https://www.apache.org/legal/resolved.html>
Is the GPL that is dual licensed CDDL included as an optional binary or is it source code?
Regards,
Dave
>
> Checked all suspicious license, looks good.
>
>
>
> Thanks,
> William
>
>
> On Tue, Apr 10, 2018 at 10:14 AM, Lionel Liu <li...@apache.org> wrote:
>
>> Hi all,
>> The Apache Griffin community has voted on and approved a proposal to
>> release Apache Griffin 0.2.0-rc3.
>> We now kindly request that the Incubator PMC members review and vote on
>> this incubator release candidate.
>>
>> Apache Griffin is data quality service for modern data system, it
>> defines a standard process to define, measure data quality for well-known
>> dimensions. With Apache Griffin, users will be able to quickly define their
>> data quality requirements and then get the result in near real time in
>> systematical approach.
>>
>>
>> Griffin vote thread
>>
>> https://lists.apache.org/thread.html/c9c9dd2cbea2d479625cd2a2c82345
>> 41022c60f35f423ceb150d7ecb@%3Cdev.griffin.apache.org%3E
>> Griffin vote result thread
>>
>> https://lists.apache.org/thread.html/bc1b2a436119d91c4cf1175a80d6fd
>> 4e4b084749c9e6e259817144be@%3Cdev.griffin.apache.org%3E
>>
>> The source tarball, including signatures, digests, etc. can be found
>> at:
>>
>> https://dist.apache.org/repos/dist/dev/incubator/griffin/0.2.0-incubating
>>
>> The tag to be voted upon is 0.2.0-incubating:
>>
>> https://git-wip-us.apache.org/repos/asf?p=incubator-griffin.
>> git;a=shortlog;h=refs/tags/griffin-0.2.0-incubating
>>
>> The release hash is :
>>
>> https://git-wip-us.apache.org/repos/asf?p=incubator-griffin.
>> git;a=commit;h=70419c4f4ec01dd70815d9480ab596b320fa5e2a
>>
>> The Nexus Staging URL:
>> https://repository.apache.org/content/repositories/
>> orgapachegriffin-1013
>>
>> Release artifacts are signed with the following key:
>> 7F00C3BA90F3ECAEECB843A79BD6EC6C02379561
>>
>> KEYS file available:
>> https://dist.apache.org/repos/dist/dev/incubator/griffin/KEYS
>>
>> For information about the contents of this release, see:
>>
>> https://dist.apache.org/repos/dist/dev/incubator/griffin/0.
>> 2.0-incubating/CHANGES.txt
>>
>>
>> Please download the release candidate and evaluate the necessary items
>> including checking hashes, signatures, build from source, run and test.
>> Please vote on releasing this package as Apache Griffin
>> 0.2.0-incubating
>> The vote will be open for 72 hours.
>> [ ] +1 Release this package as Apache Griffin 0.2.0-incubating
>> [ ] +0 no opinion
>> [ ] -1 Do not release this package because ...
>>
>>
>> Thanks,
>> Lionel
>> on behalf of Apache Griffin PPMC
>>
Re: [VOTE] Release of Apache Griffin-0.2.0-incubating [RC3]
Posted by William Guo <gu...@apache.org>.
+1
rat passed.
sha1 checked.
all GPL are dual licensed either CDDL or 'Apache License version 2.0'
Checked all suspicious license, looks good.
Thanks,
William
On Tue, Apr 10, 2018 at 10:14 AM, Lionel Liu <li...@apache.org> wrote:
> Hi all,
> The Apache Griffin community has voted on and approved a proposal to
> release Apache Griffin 0.2.0-rc3.
> We now kindly request that the Incubator PMC members review and vote on
> this incubator release candidate.
>
> Apache Griffin is data quality service for modern data system, it
> defines a standard process to define, measure data quality for well-known
> dimensions. With Apache Griffin, users will be able to quickly define their
> data quality requirements and then get the result in near real time in
> systematical approach.
>
>
> Griffin vote thread
>
> https://lists.apache.org/thread.html/c9c9dd2cbea2d479625cd2a2c82345
> 41022c60f35f423ceb150d7ecb@%3Cdev.griffin.apache.org%3E
> Griffin vote result thread
>
> https://lists.apache.org/thread.html/bc1b2a436119d91c4cf1175a80d6fd
> 4e4b084749c9e6e259817144be@%3Cdev.griffin.apache.org%3E
>
> The source tarball, including signatures, digests, etc. can be found
> at:
>
> https://dist.apache.org/repos/dist/dev/incubator/griffin/0.2.0-incubating
>
> The tag to be voted upon is 0.2.0-incubating:
>
> https://git-wip-us.apache.org/repos/asf?p=incubator-griffin.
> git;a=shortlog;h=refs/tags/griffin-0.2.0-incubating
>
> The release hash is :
>
> https://git-wip-us.apache.org/repos/asf?p=incubator-griffin.
> git;a=commit;h=70419c4f4ec01dd70815d9480ab596b320fa5e2a
>
> The Nexus Staging URL:
> https://repository.apache.org/content/repositories/
> orgapachegriffin-1013
>
> Release artifacts are signed with the following key:
> 7F00C3BA90F3ECAEECB843A79BD6EC6C02379561
>
> KEYS file available:
> https://dist.apache.org/repos/dist/dev/incubator/griffin/KEYS
>
> For information about the contents of this release, see:
>
> https://dist.apache.org/repos/dist/dev/incubator/griffin/0.
> 2.0-incubating/CHANGES.txt
>
>
> Please download the release candidate and evaluate the necessary items
> including checking hashes, signatures, build from source, run and test.
> Please vote on releasing this package as Apache Griffin
> 0.2.0-incubating
> The vote will be open for 72 hours.
> [ ] +1 Release this package as Apache Griffin 0.2.0-incubating
> [ ] +0 no opinion
> [ ] -1 Do not release this package because ...
>
>
> Thanks,
> Lionel
> on behalf of Apache Griffin PPMC
>