You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Bernhard M. Wiedemann (Jira)" <ji...@apache.org> on 2020/07/01 10:56:00 UTC
[jira] [Updated] (SSHD-1026) NOTICE file claims Copyright for
future years
[ https://issues.apache.org/jira/browse/SSHD-1026?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bernhard M. Wiedemann updated SSHD-1026:
----------------------------------------
Description:
While working on the reproducible builds effort, I found that
when building the [apache-sshd 2.4.0 package|https://github.com/bmwiedemann/openSUSE/tree/master/packages/a/apache-sshd] for openSUSE Linux, there were differences between builds when the year changed:
{{/usr/share/java/apache-sshd/sshd-common.jar META-INF/NOTICE}}
{{@@ -1,6 +1,6 @@}}
{{Apache MINA SSHD}}
{{-Copyright 2018-2020 The Apache Software Foundation}}
{{+Copyright 2018-2035 The Apache Software Foundation}}
See [https://reproducible-builds.org/] for why this matters.
I cannot find where that comes from - in the input I only see NOTICE.txt:
{{Apache MINA SSHD}}
{{Copyright 2008-2018 The Apache Software Foundation}}
Nothing should claim copyright for future years. And you probably dont want give up copyright on versions from before 2018 either.
In case it matters, our build currently involves these packages+versions:
{{java-11-openjdk-11.0.7.0-3.74}}
{{java-11-openjdk-devel-11.0.7.0-3.74}}
{{java-11-openjdk-headless-11.0.7.0-3.74}}
{{javamail-1.5.2-2.4}}
{{javapackages-local-5.3.0-114.6}}
{{javapackages-tools-5.3.0-114.1}}
{{maven-archiver-3.5.0-1.2}}
{{maven-artifact-2.2.1-1.5}}
{{maven-artifact-manager-2.2.1-1.5}}
{{maven-artifact-resolver-1.0-2.2}}
{{maven-artifact-transfer-0.11.0-1.2}}
{{maven-clean-plugin-3.1.0-3.5}}
{{maven-common-artifact-filters-3.0.1-1.5}}
{{maven-compiler-plugin-3.8.1-2.2}}
{{maven-dependency-analyzer-1.10-1.5}}
{{maven-dependency-plugin-3.1.1-2.4}}
{{maven-dependency-tree-3.0-1.5}}
{{maven-doxia-core-1.9.1-2.2}}
{{maven-doxia-logging-api-1.9.1-2.2}}
{{maven-doxia-module-apt-1.9.1-2.2}}
{{maven-doxia-module-fml-1.9.1-2.2}}
{{maven-doxia-module-fo-1.9.1-2.2}}
{{maven-doxia-module-xdoc-1.9.1-2.2}}
{{maven-doxia-module-xhtml-1.9.1-2.2}}
{{maven-doxia-module-xhtml5-1.9.1-2.2}}
{{maven-doxia-sink-api-1.9.1-2.2}}
{{maven-doxia-sitetools-1.9.2-1.2}}
{{maven-file-management-3.0.0-1.5}}
{{maven-filtering-3.1.1-1.5}}
{{maven-invoker-3.0.1-1.3}}
{{maven-jar-plugin-3.2.0-1.4}}
{{maven-javadoc-plugin-3.1.1-2.2}}
{{maven-lib-3.6.2-17.1}}
{{maven-local-5.3.0-2.2}}
{{maven-model-2.2.1-1.5}}
{{maven-monitor-2.2.1-1.5}}
{{maven-plugin-annotations-3.6.0-1.3}}
{{maven-plugin-build-helper-1.9.1-1.7}}
{{maven-plugin-bundle-3.5.1-18.1}}
{{maven-plugin-registry-2.2.1-1.5}}
{{maven-profile-2.2.1-1.5}}
{{maven-project-2.2.1-1.5}}
{{maven-remote-resources-plugin-1.5-4.4}}
{{maven-reporting-api-3.0-1.5}}
{{maven-reporting-impl-3.0.0-2.2}}
{{maven-resolver-api-1.4.1-1.2}}
{{maven-resolver-connector-basic-1.4.1-1.2}}
{{maven-resolver-impl-1.4.1-1.2}}
{{maven-resolver-spi-1.4.1-1.2}}
{{maven-resolver-transport-wagon-1.4.1-1.2}}
{{maven-resolver-util-1.4.1-1.2}}
{{maven-resources-plugin-3.1.0-2.4}}
{{maven-settings-2.2.1-1.5}}
{{maven-shared-incremental-1.1-1.5}}
{{maven-shared-io-3.0.0-1.5}}
{{maven-shared-utils-3.2.1-1.5}}
{{maven-surefire-2.22.0-3.4}}
{{maven-surefire-plugin-2.22.0-3.4}}
{{maven-surefire-provider-junit-2.22.0-3.4}}
{{maven-surefire-provider-testng-2.22.0-3.4}}
{{maven-wagon-file-3.2.0-2.2}}
{{maven-wagon-http-3.2.0-2.2}}
{{maven-wagon-http-shared-3.2.0-2.2}}
{{maven-wagon-provider-api-3.2.0-2.2}}
was:
While working on the reproducible builds effort, I found that
when building the [apache-sshd 2.4.0 package|https://github.com/bmwiedemann/openSUSE/tree/master/packages/a/apache-sshd] for openSUSE Linux, there were differences between builds when the year changed:
{{/usr/share/java/apache-sshd/sshd-common.jar META-INF/NOTICE}}
\{{ @@ -1,6 +1,6 @@}}
{{Apache MINA SSHD}}
\{{ -Copyright 2018-2020 The Apache Software Foundation}}
\{{ +Copyright 2018-2035 The Apache Software Foundation}}
See [https://reproducible-builds.org/] for why this matters.
I cannot find where that comes from - in the input I only see NOTICE.txt:
{{Apache MINA SSHD}}
\{{ Copyright 2008-2018 The Apache Software Foundation}}
Nothing should claim copyright for future years. And you probably dont want give up copyright on versions from before 2018 either.
In case it matters, our build currently involves these packages+versions:
{{java-11-openjdk-11.0.7.0-3.74}}
{{java-11-openjdk-devel-11.0.7.0-3.74}}
{{java-11-openjdk-headless-11.0.7.0-3.74}}
{{javamail-1.5.2-2.4}}
{{javapackages-local-5.3.0-114.6}}
{{javapackages-tools-5.3.0-114.1}}
{{maven-archiver-3.5.0-1.2}}
{{maven-artifact-2.2.1-1.5}}
{{maven-artifact-manager-2.2.1-1.5}}
{{maven-artifact-resolver-1.0-2.2}}
{{maven-artifact-transfer-0.11.0-1.2}}
{{maven-clean-plugin-3.1.0-3.5}}
{{maven-common-artifact-filters-3.0.1-1.5}}
{{maven-compiler-plugin-3.8.1-2.2}}
{{maven-dependency-analyzer-1.10-1.5}}
{{maven-dependency-plugin-3.1.1-2.4}}
{{maven-dependency-tree-3.0-1.5}}
{{maven-doxia-core-1.9.1-2.2}}
{{maven-doxia-logging-api-1.9.1-2.2}}
{{maven-doxia-module-apt-1.9.1-2.2}}
{{maven-doxia-module-fml-1.9.1-2.2}}
{{maven-doxia-module-fo-1.9.1-2.2}}
{{maven-doxia-module-xdoc-1.9.1-2.2}}
{{maven-doxia-module-xhtml-1.9.1-2.2}}
{{maven-doxia-module-xhtml5-1.9.1-2.2}}
{{maven-doxia-sink-api-1.9.1-2.2}}
{{maven-doxia-sitetools-1.9.2-1.2}}
{{maven-file-management-3.0.0-1.5}}
{{maven-filtering-3.1.1-1.5}}
{{maven-invoker-3.0.1-1.3}}
{{maven-jar-plugin-3.2.0-1.4}}
{{maven-javadoc-plugin-3.1.1-2.2}}
{{maven-lib-3.6.2-17.1}}
{{maven-local-5.3.0-2.2}}
{{maven-model-2.2.1-1.5}}
{{maven-monitor-2.2.1-1.5}}
{{maven-plugin-annotations-3.6.0-1.3}}
{{maven-plugin-build-helper-1.9.1-1.7}}
{{maven-plugin-bundle-3.5.1-18.1}}
{{maven-plugin-registry-2.2.1-1.5}}
{{maven-profile-2.2.1-1.5}}
{{maven-project-2.2.1-1.5}}
{{maven-remote-resources-plugin-1.5-4.4}}
{{maven-reporting-api-3.0-1.5}}
{{maven-reporting-impl-3.0.0-2.2}}
{{maven-resolver-api-1.4.1-1.2}}
{{maven-resolver-connector-basic-1.4.1-1.2}}
{{maven-resolver-impl-1.4.1-1.2}}
{{maven-resolver-spi-1.4.1-1.2}}
{{maven-resolver-transport-wagon-1.4.1-1.2}}
{{maven-resolver-util-1.4.1-1.2}}
{{maven-resources-plugin-3.1.0-2.4}}
{{maven-settings-2.2.1-1.5}}
{{maven-shared-incremental-1.1-1.5}}
{{maven-shared-io-3.0.0-1.5}}
{{maven-shared-utils-3.2.1-1.5}}
{{maven-surefire-2.22.0-3.4}}
{{maven-surefire-plugin-2.22.0-3.4}}
{{maven-surefire-provider-junit-2.22.0-3.4}}
{{maven-surefire-provider-testng-2.22.0-3.4}}
{{maven-wagon-file-3.2.0-2.2}}
{{maven-wagon-http-3.2.0-2.2}}
{{maven-wagon-http-shared-3.2.0-2.2}}
{{maven-wagon-provider-api-3.2.0-2.2}}
> NOTICE file claims Copyright for future years
> ---------------------------------------------
>
> Key: SSHD-1026
> URL: https://issues.apache.org/jira/browse/SSHD-1026
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.4.0
> Reporter: Bernhard M. Wiedemann
> Priority: Major
>
> While working on the reproducible builds effort, I found that
> when building the [apache-sshd 2.4.0 package|https://github.com/bmwiedemann/openSUSE/tree/master/packages/a/apache-sshd] for openSUSE Linux, there were differences between builds when the year changed:
>
> {{/usr/share/java/apache-sshd/sshd-common.jar META-INF/NOTICE}}
> {{@@ -1,6 +1,6 @@}}
> {{Apache MINA SSHD}}
> {{-Copyright 2018-2020 The Apache Software Foundation}}
> {{+Copyright 2018-2035 The Apache Software Foundation}}
>
> See [https://reproducible-builds.org/] for why this matters.
>
> I cannot find where that comes from - in the input I only see NOTICE.txt:
> {{Apache MINA SSHD}}
> {{Copyright 2008-2018 The Apache Software Foundation}}
>
> Nothing should claim copyright for future years. And you probably dont want give up copyright on versions from before 2018 either.
>
>
> In case it matters, our build currently involves these packages+versions:
> {{java-11-openjdk-11.0.7.0-3.74}}
> {{java-11-openjdk-devel-11.0.7.0-3.74}}
> {{java-11-openjdk-headless-11.0.7.0-3.74}}
> {{javamail-1.5.2-2.4}}
> {{javapackages-local-5.3.0-114.6}}
> {{javapackages-tools-5.3.0-114.1}}
> {{maven-archiver-3.5.0-1.2}}
> {{maven-artifact-2.2.1-1.5}}
> {{maven-artifact-manager-2.2.1-1.5}}
> {{maven-artifact-resolver-1.0-2.2}}
> {{maven-artifact-transfer-0.11.0-1.2}}
> {{maven-clean-plugin-3.1.0-3.5}}
> {{maven-common-artifact-filters-3.0.1-1.5}}
> {{maven-compiler-plugin-3.8.1-2.2}}
> {{maven-dependency-analyzer-1.10-1.5}}
> {{maven-dependency-plugin-3.1.1-2.4}}
> {{maven-dependency-tree-3.0-1.5}}
> {{maven-doxia-core-1.9.1-2.2}}
> {{maven-doxia-logging-api-1.9.1-2.2}}
> {{maven-doxia-module-apt-1.9.1-2.2}}
> {{maven-doxia-module-fml-1.9.1-2.2}}
> {{maven-doxia-module-fo-1.9.1-2.2}}
> {{maven-doxia-module-xdoc-1.9.1-2.2}}
> {{maven-doxia-module-xhtml-1.9.1-2.2}}
> {{maven-doxia-module-xhtml5-1.9.1-2.2}}
> {{maven-doxia-sink-api-1.9.1-2.2}}
> {{maven-doxia-sitetools-1.9.2-1.2}}
> {{maven-file-management-3.0.0-1.5}}
> {{maven-filtering-3.1.1-1.5}}
> {{maven-invoker-3.0.1-1.3}}
> {{maven-jar-plugin-3.2.0-1.4}}
> {{maven-javadoc-plugin-3.1.1-2.2}}
> {{maven-lib-3.6.2-17.1}}
> {{maven-local-5.3.0-2.2}}
> {{maven-model-2.2.1-1.5}}
> {{maven-monitor-2.2.1-1.5}}
> {{maven-plugin-annotations-3.6.0-1.3}}
> {{maven-plugin-build-helper-1.9.1-1.7}}
> {{maven-plugin-bundle-3.5.1-18.1}}
> {{maven-plugin-registry-2.2.1-1.5}}
> {{maven-profile-2.2.1-1.5}}
> {{maven-project-2.2.1-1.5}}
> {{maven-remote-resources-plugin-1.5-4.4}}
> {{maven-reporting-api-3.0-1.5}}
> {{maven-reporting-impl-3.0.0-2.2}}
> {{maven-resolver-api-1.4.1-1.2}}
> {{maven-resolver-connector-basic-1.4.1-1.2}}
> {{maven-resolver-impl-1.4.1-1.2}}
> {{maven-resolver-spi-1.4.1-1.2}}
> {{maven-resolver-transport-wagon-1.4.1-1.2}}
> {{maven-resolver-util-1.4.1-1.2}}
> {{maven-resources-plugin-3.1.0-2.4}}
> {{maven-settings-2.2.1-1.5}}
> {{maven-shared-incremental-1.1-1.5}}
> {{maven-shared-io-3.0.0-1.5}}
> {{maven-shared-utils-3.2.1-1.5}}
> {{maven-surefire-2.22.0-3.4}}
> {{maven-surefire-plugin-2.22.0-3.4}}
> {{maven-surefire-provider-junit-2.22.0-3.4}}
> {{maven-surefire-provider-testng-2.22.0-3.4}}
> {{maven-wagon-file-3.2.0-2.2}}
> {{maven-wagon-http-3.2.0-2.2}}
> {{maven-wagon-http-shared-3.2.0-2.2}}
> {{maven-wagon-provider-api-3.2.0-2.2}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org