You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@daffodil.apache.org by GitBox <gi...@apache.org> on 2022/03/26 23:09:38 UTC
[GitHub] [daffodil-vscode] Shanedell opened a new pull request #96: RC2 Updates
Shanedell opened a new pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96
Multiple updates from rc2 release:
- Update daffodilVersion from 3.2.1 to 3.3.0.
- Add plugins to project/plugins.sbt.
- These plugins allow for checking dependencies for updates, CVEs and viewing the tree of dependencies.
- Update scalaVersion from 2.12.13 to 2.12.15.
- Can move to 2.13.8 at some point not sure when we want to do this however.
- Update "logback-classic" version from 1.2.3 to 1.2.11 to fix CVEs.
- Update "com.microsoft.java.debug.core" version from 0.31.1 to 0.35.0.
- Update "fs2-io" version from 3.0.4 to 3.0.6.
- Updating to 3.2.5 breaks the build.
- Update "decline-effect" from 2.1.0 to 2.2.0.
- Update "log4cats-slf4j" from 2.1.0 to 2.1.1.
- Updating to 2.2.0 breaks the build.
- CVEs seem to be false positives here.
- Add dependencyOverrides for commons-lang3 to fix a CVE item.
- Update bin.NOTICE files as some of the incorated projects NOTICE's were updated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] Shanedell commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
Shanedell commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836688296
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
Yeah for all the ones I could fine most didn't change or if they did it was normally a simple bump of copyright year. The main thing was not knowing what I needed to copy over from daffodil files.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] stevedlawrence commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
stevedlawrence commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836780340
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
For dependencies that are under the Apache License, you must add the dependencies NOTICE content to bin.NOTICE. If it does not have a NOTICE file then you do not need to do anything for that dependency. And because it's ALv2 license, you not need to add anything to the bin.LICENSE file since it's the same as the vscode license.
For dependencies that are under a license other than the Apache License, you must add its LICENSE information to the bin.LICENSE file. Nothing should be added to the bin.NOTICE file, unless the license is a [Category B](https://www.apache.org/legal/resolved.html#category-b) license, but we don't see those very often, and in most cases the information should be in a README rather than the bin.NOTICE.
If a dependency does not have a LICENSE file, then we need to figure out what its license is and handle it according to the above rules. For example, sometimes the license is just mentioned in a README or file headers. If we cannot determine the license, it is assumed to be [Category X](https://www.apache.org/legal/resolved.html#category-x) and we cannot use the dependency until the author/authors specify a license and we determine its compatibility with ASF licensing.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] mbeckerle commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
mbeckerle commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r837696697
##########
File path: build/bin.NOTICE
##########
@@ -169,3 +166,71 @@ Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
+
+Apache Commons Codec (lib/commons-codec.commons-codec-<VERSION>.jar)
+ Apache Commons Codec
+ Copyright 2002-2017 The Apache Software Foundation
+
+ src/test/org/apache/commons/codec/language/DoubleMetaphoneTest.java
+ contains test data from http://aspell.net/test/orig/batch0.tab.
+ Copyright (C) 2002 Kevin Atkinson (kevina@gnu.org)
+
+ ===============================================================================
+
+ The content of package org.apache.commons.codec.language.bm has been translated
+ from the original php source code available at http://stevemorse.org/phoneticinfo.htm
+ with permission from the original authors.
+ Original source copyright:
+ Copyright (c) 2008 Alexander Beider & Stephen P. Morse.
+
+Apache Commons Logging (lib/commons-logging.commons-logging-<VERSION>.jar)
+ Apache Commons Logging
+ Copyright 2003-2014 The Apache Software Foundation
+
+Apache HttpClient (lib/org.apache.httpcomponents.httpclient-<VERSION>.jar)
+ Apache HttpClient
+ Copyright 1999-2020 The Apache Software Foundation
+
+Apache HttpCore (lib/org.apache.httpcomponents.httpcore-<VERSION>.jar)
+ Apache HttpCore
+ Copyright 2005-2020 The Apache Software Foundation
+
+Apache Log4j (lib/org.apache.logging.log4j.log4j-api-<VERSION>.jar, org.apache.logging.log4j.log4j-core-<VERSION>.jar)
+ Apache Log4j
+ Copyright 1999-2019 Apache Software Foundation
+
+ This product includes software developed at
+ The Apache Software Foundation (http://www.apache.org/).
+
+ ResolverUtil.java
+ Copyright 2005-2006 Tim Fennell
+
+ Dumbster SMTP test server
Review comment:
Eventually I think a directory of License files, and a directory of Notices files would be better than this squashing of stuff together into a single license and notices file. It's very hard to verify that this includes everything it is supposed to, and does not include things it's not supposed to, as well as not knowing what's verbatim we're including, and what is stuff we're writing.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] stevedlawrence commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
stevedlawrence commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836669351
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
You might wait until things are merged. I'm not sure what the final PR will look like, and the more similar the two projects are, the easier it is to verify.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] Shanedell merged pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
Shanedell merged pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] tuxji commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
tuxji commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r838057990
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
Yes, I removed the dependencies that do not have a NOTICE file in my Daffodil PR's final changes as Steve suggested. I'll upload my suggested edits directly to this PR as well.
##########
File path: build/bin.NOTICE
##########
@@ -77,9 +84,6 @@ Apache XML Commons Resolver (lib/xml-resolver.xml-resolver-<VERSION>.jar)
Apache XML Commons Resolver
Copyright 2006 The Apache Software Foundation.
- This product includes software developed at
- The Apache Software Foundation http://www.apache.org/
-
Review comment:
I've removed these lines in my edits.
##########
File path: build/bin.LICENSE
##########
@@ -2207,3 +2207,537 @@
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+ This product bundles 'Saxon-HE (Home Edition)', including the following files:
+ - lib/net.sf.saxon.Saxon-HE-<VERSION>.jar in in daffodil-debugger-<VERSION>.zip
+ These files are available under the MPL 2.0 license:
+
+ Most of the open source code in the Saxon product is governed by the Mozilla Public
Review comment:
Saxon is gone now, but I've rearranged the lines mentioning each jar and its license to make it easier to understand which files are covered by which licenses.
##########
File path: build/bin.NOTICE
##########
@@ -169,3 +166,71 @@ Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
+
+Apache Commons Codec (lib/commons-codec.commons-codec-<VERSION>.jar)
+ Apache Commons Codec
+ Copyright 2002-2017 The Apache Software Foundation
+
+ src/test/org/apache/commons/codec/language/DoubleMetaphoneTest.java
+ contains test data from http://aspell.net/test/orig/batch0.tab.
+ Copyright (C) 2002 Kevin Atkinson (kevina@gnu.org)
+
+ ===============================================================================
+
+ The content of package org.apache.commons.codec.language.bm has been translated
+ from the original php source code available at http://stevemorse.org/phoneticinfo.htm
+ with permission from the original authors.
+ Original source copyright:
+ Copyright (c) 2008 Alexander Beider & Stephen P. Morse.
+
+Apache Commons Logging (lib/commons-logging.commons-logging-<VERSION>.jar)
+ Apache Commons Logging
+ Copyright 2003-2014 The Apache Software Foundation
+
+Apache HttpClient (lib/org.apache.httpcomponents.httpclient-<VERSION>.jar)
+ Apache HttpClient
+ Copyright 1999-2020 The Apache Software Foundation
+
+Apache HttpCore (lib/org.apache.httpcomponents.httpcore-<VERSION>.jar)
+ Apache HttpCore
+ Copyright 2005-2020 The Apache Software Foundation
+
+Apache Log4j (lib/org.apache.logging.log4j.log4j-api-<VERSION>.jar, org.apache.logging.log4j.log4j-core-<VERSION>.jar)
+ Apache Log4j
+ Copyright 1999-2019 Apache Software Foundation
+
+ This product includes software developed at
+ The Apache Software Foundation (http://www.apache.org/).
+
+ ResolverUtil.java
+ Copyright 2005-2006 Tim Fennell
+
+ Dumbster SMTP test server
Review comment:
Aye, I took a pass at this and updated bin.LICENSE and bin.NOTICE. I noticed that many jars don't have LICENSE or NOTICE files in them but I didn't take the extra time to visit their source repositories and check for LICENSE/NOTICE files there as well, so I don't promise that my edits are the last word. I just want to give these files a better foundation for the 1.0.0 release and let future PRs improve them.
##########
File path: build/bin.LICENSE
##########
@@ -2207,3 +2207,537 @@
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+ This product bundles 'Saxon-HE (Home Edition)', including the following files:
Review comment:
Actually we can remove the Saxon license because daffodil-debugger does not depend on daffodil-schematron, and therefore does not include Saxon or its transitive dependencies in the daffodil-debugger zip file. It's important to build the extension and then look inside daffodil-debugger.zip to see which jars daffodil-debugger actually uses instead of simply starting with a copy of Daffodil's bin.LICENSE and bin.NOTICE. I was surprised how many differences I found between Daffodil's libs and daffodil-debugger's libs once I actually compared the libs. I don't simply see a superset or subset of one's libs in the other's libs; some dependencies even have different versions. We only just released Daffodil 3.3.0, so there hasn't been enough time for Daffodil to bump some dependency versions to newer versions yet. Someone will have to look closely at how daffodil-debugger specifies its dependencies and figure out why certain dependencies have different versions.
P.S. I know why the versions are different now - when I built the extension, I'd checked out the main branch but the main branch is still using Daffodil 3.2.1, not 3.3.0.
##########
File path: build/bin.NOTICE
##########
@@ -169,3 +166,71 @@ Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
+
+Apache Commons Codec (lib/commons-codec.commons-codec-<VERSION>.jar)
+ Apache Commons Codec
+ Copyright 2002-2017 The Apache Software Foundation
+
+ src/test/org/apache/commons/codec/language/DoubleMetaphoneTest.java
+ contains test data from http://aspell.net/test/orig/batch0.tab.
+ Copyright (C) 2002 Kevin Atkinson (kevina@gnu.org)
+
+ ===============================================================================
+
+ The content of package org.apache.commons.codec.language.bm has been translated
+ from the original php source code available at http://stevemorse.org/phoneticinfo.htm
+ with permission from the original authors.
+ Original source copyright:
+ Copyright (c) 2008 Alexander Beider & Stephen P. Morse.
+
+Apache Commons Logging (lib/commons-logging.commons-logging-<VERSION>.jar)
+ Apache Commons Logging
+ Copyright 2003-2014 The Apache Software Foundation
+
+Apache HttpClient (lib/org.apache.httpcomponents.httpclient-<VERSION>.jar)
+ Apache HttpClient
+ Copyright 1999-2020 The Apache Software Foundation
+
+Apache HttpCore (lib/org.apache.httpcomponents.httpcore-<VERSION>.jar)
+ Apache HttpCore
+ Copyright 2005-2020 The Apache Software Foundation
+
+Apache Log4j (lib/org.apache.logging.log4j.log4j-api-<VERSION>.jar, org.apache.logging.log4j.log4j-core-<VERSION>.jar)
Review comment:
Done.
##########
File path: build/bin.NOTICE
##########
@@ -169,3 +166,71 @@ Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
+
+Apache Commons Codec (lib/commons-codec.commons-codec-<VERSION>.jar)
+ Apache Commons Codec
+ Copyright 2002-2017 The Apache Software Foundation
+
+ src/test/org/apache/commons/codec/language/DoubleMetaphoneTest.java
+ contains test data from http://aspell.net/test/orig/batch0.tab.
+ Copyright (C) 2002 Kevin Atkinson (kevina@gnu.org)
+
+ ===============================================================================
+
+ The content of package org.apache.commons.codec.language.bm has been translated
+ from the original php source code available at http://stevemorse.org/phoneticinfo.htm
+ with permission from the original authors.
+ Original source copyright:
+ Copyright (c) 2008 Alexander Beider & Stephen P. Morse.
+
+Apache Commons Logging (lib/commons-logging.commons-logging-<VERSION>.jar)
+ Apache Commons Logging
+ Copyright 2003-2014 The Apache Software Foundation
+
+Apache HttpClient (lib/org.apache.httpcomponents.httpclient-<VERSION>.jar)
+ Apache HttpClient
+ Copyright 1999-2020 The Apache Software Foundation
+
+Apache HttpCore (lib/org.apache.httpcomponents.httpcore-<VERSION>.jar)
+ Apache HttpCore
+ Copyright 2005-2020 The Apache Software Foundation
Review comment:
I removed the http notices because they're not used by daffodil-debugger. They're in Daffodil's bin.NOTICE only because daffodil-schematron uses Saxon-HE, Saxon-HE uses xml-resolver, and xml-resolver uses these http jars. You have to build the extension and look at daffodil-debugger's libs as the source of truth before you edit bin.LICENSE or bin.NOTICE.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] stevedlawrence commented on pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
stevedlawrence commented on pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#issuecomment-1080666899
Also, In general we try to ensure every PR has an associated Issue associated with it for tracking purposes. It would be good to create an issue for these changes and and add a `Closes` line to the commit message.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] stevedlawrence commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
stevedlawrence commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836652281
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
Correct, your NOTICE and LICENSE files are correct and don't need to be updated. Those files cover the source code.
The bin.NOTICE and bin.LICENSE files cover everything inside the .vsix file, which is significantly more since the .vsix file actually inclues jars. Inside the .vsix file is the daffodil-debugger-3.3.0-1.0.0.zip file, and inside that zip is all the dependencies, including transitive dependencies, of daffodil-debugger. Because daffodil-debugger depends on daffodil, this zip will contain many (or maybe all?) of the same jars that Daffodil depends on. Because of this, the bin.NOTICE and bin.LICENSE files for vscode should probably look very similar to the bin.NOTICE and bin.LICENSE of Daffodil, with the addition of the Daffodil NOTICE and dependencies that are unique to daffodil-debugger (e.g. ip4s, cats, fs2)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] Shanedell commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
Shanedell commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836654009
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
Okay I can work on getting these changes updated, should I just the contents of that PR or whats in main?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] mbeckerle commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
mbeckerle commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r837521009
##########
File path: build.sbt
##########
@@ -34,9 +34,12 @@ lazy val commonSettings = {
"org.apache.daffodil" %% "daffodil-sapi" % daffodilVer,
"org.apache.daffodil" %% "daffodil-runtime1" % daffodilVer
),
+ dependencyOverrides ++= Seq(
+ "org.apache.commons" % "commons-lang3" % "3.12.0"
+ ),
licenses += ("Apache-2.0", new URL("https://www.apache.org/licenses/LICENSE-2.0.txt")),
organization := "org.apache.daffodil",
- scalaVersion := "2.12.13",
+ scalaVersion := "2.12.15",
Review comment:
This change is, FYI, super important because the latest LTS Java version, 17, requires this version of the scala libraries or obscure errors occur.
And there are good reasons to want Java 17, including that it is noticibly faster.
##########
File path: build/bin.LICENSE
##########
@@ -2207,3 +2207,537 @@
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+ This product bundles 'Saxon-HE (Home Edition)', including the following files:
+ - lib/net.sf.saxon.Saxon-HE-<VERSION>.jar in in daffodil-debugger-<VERSION>.zip
+ These files are available under the MPL 2.0 license:
+
+ Most of the open source code in the Saxon product is governed by the Mozilla Public
Review comment:
I find this structure a bit odd. First it says "These filese are available under the MPL 2.0 license." Next sentence says: "Most of the open source code..." suggests that some of it isn't even open source code, and contradicts the prior statement.
If this language is what we're doing in Daffodil, and is boilerplate what tthe Saxon-HE license requires of us, then I'm fine with it. So long as this language is not our invention.
If this is our language, then I would prefer something that said simply "Licenses below are for the Saxon product and its sub-components.".
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] stevedlawrence commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
stevedlawrence commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r837651826
##########
File path: build/bin.NOTICE
##########
@@ -1,5 +1,5 @@
Apache Daffodil VS Code Extension
-Copyright 2021 The Apache Software Foundation
+Copyright 2022 The Apache Software Foundation
Review comment:
This has already been fixed in main. Might get a merge conflict for this?
##########
File path: build/bin.LICENSE
##########
@@ -2207,3 +2207,537 @@
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+ This product bundles 'Saxon-HE (Home Edition)', including the following files:
Review comment:
I think this is already in the bin.LICENSE file? But I think that might be for an older version of Saxon-HE? It has a lot more subcomponents listed. I wonder if Saxon-HE removed those components?
##########
File path: build/bin.NOTICE
##########
@@ -169,3 +166,71 @@ Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
+
+Apache Commons Codec (lib/commons-codec.commons-codec-<VERSION>.jar)
+ Apache Commons Codec
+ Copyright 2002-2017 The Apache Software Foundation
+
+ src/test/org/apache/commons/codec/language/DoubleMetaphoneTest.java
+ contains test data from http://aspell.net/test/orig/batch0.tab.
+ Copyright (C) 2002 Kevin Atkinson (kevina@gnu.org)
+
+ ===============================================================================
+
+ The content of package org.apache.commons.codec.language.bm has been translated
+ from the original php source code available at http://stevemorse.org/phoneticinfo.htm
+ with permission from the original authors.
+ Original source copyright:
+ Copyright (c) 2008 Alexander Beider & Stephen P. Morse.
+
+Apache Commons Logging (lib/commons-logging.commons-logging-<VERSION>.jar)
+ Apache Commons Logging
+ Copyright 2003-2014 The Apache Software Foundation
+
+Apache HttpClient (lib/org.apache.httpcomponents.httpclient-<VERSION>.jar)
+ Apache HttpClient
+ Copyright 1999-2020 The Apache Software Foundation
+
+Apache HttpCore (lib/org.apache.httpcomponents.httpcore-<VERSION>.jar)
+ Apache HttpCore
+ Copyright 2005-2020 The Apache Software Foundation
Review comment:
We need this Http stuff since it is a dependency of Daffodil, but that's weird. Not sure why http stuff is a depdency of Daffodil. I wonder if that's an optional transitive dependency that we can remove in Daffodil 3.4.0?
##########
File path: build/bin.NOTICE
##########
@@ -169,3 +166,71 @@ Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
+
+Apache Commons Codec (lib/commons-codec.commons-codec-<VERSION>.jar)
+ Apache Commons Codec
+ Copyright 2002-2017 The Apache Software Foundation
+
+ src/test/org/apache/commons/codec/language/DoubleMetaphoneTest.java
+ contains test data from http://aspell.net/test/orig/batch0.tab.
+ Copyright (C) 2002 Kevin Atkinson (kevina@gnu.org)
+
+ ===============================================================================
+
+ The content of package org.apache.commons.codec.language.bm has been translated
+ from the original php source code available at http://stevemorse.org/phoneticinfo.htm
+ with permission from the original authors.
+ Original source copyright:
+ Copyright (c) 2008 Alexander Beider & Stephen P. Morse.
+
+Apache Commons Logging (lib/commons-logging.commons-logging-<VERSION>.jar)
+ Apache Commons Logging
+ Copyright 2003-2014 The Apache Software Foundation
+
+Apache HttpClient (lib/org.apache.httpcomponents.httpclient-<VERSION>.jar)
+ Apache HttpClient
+ Copyright 1999-2020 The Apache Software Foundation
+
+Apache HttpCore (lib/org.apache.httpcomponents.httpcore-<VERSION>.jar)
+ Apache HttpCore
+ Copyright 2005-2020 The Apache Software Foundation
+
+Apache Log4j (lib/org.apache.logging.log4j.log4j-api-<VERSION>.jar, org.apache.logging.log4j.log4j-core-<VERSION>.jar)
+ Apache Log4j
+ Copyright 1999-2019 Apache Software Foundation
+
+ This product includes software developed at
+ The Apache Software Foundation (http://www.apache.org/).
+
+ ResolverUtil.java
+ Copyright 2005-2006 Tim Fennell
+
+ Dumbster SMTP test server
Review comment:
The bin.NOTICE file @tuxji just merged does not list Dumbster or some of these other things from Log4j. Did Log4j change their notice?
@tuxji, it would help if you could take a scan at this. You're most faimilar with all the recent changes.
Also, it's a little hard to just diff since the format has changed. Do we want to standardize all of our license/notice files to the same format?
##########
File path: build/bin.NOTICE
##########
@@ -77,9 +84,6 @@ Apache XML Commons Resolver (lib/xml-resolver.xml-resolver-<VERSION>.jar)
Apache XML Commons Resolver
Copyright 2006 The Apache Software Foundation.
- This product includes software developed at
- The Apache Software Foundation http://www.apache.org/
-
Review comment:
This line still exists in a few places. This can be removed in all places except for the very first one at the top.
##########
File path: build/bin.NOTICE
##########
@@ -169,3 +166,71 @@ Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
+
+Apache Commons Codec (lib/commons-codec.commons-codec-<VERSION>.jar)
+ Apache Commons Codec
+ Copyright 2002-2017 The Apache Software Foundation
+
+ src/test/org/apache/commons/codec/language/DoubleMetaphoneTest.java
+ contains test data from http://aspell.net/test/orig/batch0.tab.
+ Copyright (C) 2002 Kevin Atkinson (kevina@gnu.org)
+
+ ===============================================================================
+
+ The content of package org.apache.commons.codec.language.bm has been translated
+ from the original php source code available at http://stevemorse.org/phoneticinfo.htm
+ with permission from the original authors.
+ Original source copyright:
+ Copyright (c) 2008 Alexander Beider & Stephen P. Morse.
+
+Apache Commons Logging (lib/commons-logging.commons-logging-<VERSION>.jar)
+ Apache Commons Logging
+ Copyright 2003-2014 The Apache Software Foundation
+
+Apache HttpClient (lib/org.apache.httpcomponents.httpclient-<VERSION>.jar)
+ Apache HttpClient
+ Copyright 1999-2020 The Apache Software Foundation
+
+Apache HttpCore (lib/org.apache.httpcomponents.httpcore-<VERSION>.jar)
+ Apache HttpCore
+ Copyright 2005-2020 The Apache Software Foundation
+
+Apache Log4j (lib/org.apache.logging.log4j.log4j-api-<VERSION>.jar, org.apache.logging.log4j.log4j-core-<VERSION>.jar)
Review comment:
This is already above. One of those can be removed.
##########
File path: build/bin.LICENSE
##########
@@ -2207,3 +2207,537 @@
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+ This product bundles 'Saxon-HE (Home Edition)', including the following files:
+ - lib/net.sf.saxon.Saxon-HE-<VERSION>.jar in in daffodil-debugger-<VERSION>.zip
+ These files are available under the MPL 2.0 license:
+
+ Most of the open source code in the Saxon product is governed by the Mozilla Public
Review comment:
The "Most of a the open source..." part is copied straight out of the Saxon-HE LICENSE.txt file, so we probably want to keep that verbatim.
The line "These files are available under the MPL 2.0 license:" is something we add, and we are free to change. According to the Saxon license, the only thing that isn't MPL 2.0 is a one subcomponent, which is MIT. So alternatively we could say
"These files are available under the MPL 2.0 license and MIT license."
Though, that almost sounds like saxon is dual licensed, which is not the case. So maybe your more generic message is better, and people who care just need to read the whole thing to know the license?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] Shanedell commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
Shanedell commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836774138
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
So we have these items included but they aren't in either `bin.NOTICE` or `bin.LICENSE` but have Apache Licenses
```
org.typelevel.cats-effect
org.typelevel.cats-effect-kernel
org.typelevel.cats-effect-std
com.monovore.decline-effect
com.monovore.decline
org.typelevel.log4cats-core
org.typelevel.log4cats-slf4j
com.google.code.gson.gson
org.typelevel.literally
```
This one is in neither and has neither
```
org.typelevel.simulacrum-scalafix-annotations
```
So what do you think is best for these ones just leave them out? Adding the Apache license for all of the above, some are in the same project so it lowers the number down a bit, will cause that files to a bit more lengthy
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] Shanedell commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
Shanedell commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836764685
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
@stevedlawrence Hey Steve, I am going through and updating stuff here so if something doesn't have a NOTICE but has a LICENSE it can be excluded from `bin.NOTICE` if the license is added to `bin.LICENSE` correct? Then if it has a NOTICE but not a LICENSE it goes into `bin.NOTICE` correct? So they only need to be in one or the other? What about something that has neither LICENSE or NOTICE does that just not get added to either file? What if the LICENSE is an Apache license does that need added to that file or we bypass those?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] stevedlawrence commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
stevedlawrence commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836783825
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
Sorry, I didn't see the other comments until after I posted the above, but I think it answers your questions.
> Also in the PR for daffodil some of the items that have no NOTICE in JAR have the license mentioned in bin.LICENSE so could those just be removed from the bin.NOTICE? Some of them also have Apache licenses so should those be removed from the bin.NOTICE file?
I suggested to John that we do not include anything in bin.NOTICE for dependencies that do not have a NOTICE file. I'm not sure if a final decision has been made about that, but that is my preference.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] Shanedell commented on pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
Shanedell commented on pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#issuecomment-1084590803
@mbeckerle @stevedlawrence Mike and Steve, I think the changes added by @tuxji look good to me, what do you guys think? Want to make sure to get your input before rebasing, squashing and merging.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] stevedlawrence commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
stevedlawrence commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836624685
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
That was correct, but @tuxji opened a new PR (https://github.com/apache/daffodil/pull/777) to fix some NOTICE issues we found during the Daffodil 3.3.0 vote. We decided it wasn't worth blocking the release and fixed them shortly after. That PR hasn't been merged yet, but should probably be merged relatively soon. At which point the relevant parts can be copied in. Note that PR also makes a minor update to the license file too.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] Shanedell commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
Shanedell commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836641496
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
So I am confused. That PR is for updating the `bin.NOTICE` and `bin.LICENSE` files for Daffodil. These wouldn't be inside of the `bin.NOTICE` and `bin.LICENSE` correct? Just the root `NOTICE` and `LICENSE` file contents should be inside of the `bin.` files inside of `daffodil-vscode` correct? As the `bin` files between the two should differ as the daffodil-debugger Scala code doesn't use the same dependencies as the daffodil project.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] Shanedell commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
Shanedell commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836671716
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
Okay that makes sense, do you want those other dependencies removed or anything else updated before I merge in this PR in? After merge would I be good to release RC3 or do you think I should wait till that daffodil PR is merged than fix the bin files and make another PR or keep this one open till that time?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] Shanedell commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
Shanedell commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836764685
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
@stevedlawrence Hey Steve, I am going through and updating stuff here so if something doesn't have a NOTICE but has a LICENSE it can be excluded from `bin.NOTICE` if the license is added to `bin.LICENSE` correct? What about something that has neither LICENSE or NOTICE does that just not get added to either file? What if the LICENSE is an Apache license does that need added to that file or we bypass those?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] Shanedell commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
Shanedell commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836777386
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
Also in the PR for daffodil some of the items that have `no NOTICE in JAR` have the license mentioned so could those just be removed from the `bin.NOTICE`?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] stevedlawrence commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
stevedlawrence commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r837786501
##########
File path: build/bin.NOTICE
##########
@@ -169,3 +166,71 @@ Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
+
+Apache Commons Codec (lib/commons-codec.commons-codec-<VERSION>.jar)
+ Apache Commons Codec
+ Copyright 2002-2017 The Apache Software Foundation
+
+ src/test/org/apache/commons/codec/language/DoubleMetaphoneTest.java
+ contains test data from http://aspell.net/test/orig/batch0.tab.
+ Copyright (C) 2002 Kevin Atkinson (kevina@gnu.org)
+
+ ===============================================================================
+
+ The content of package org.apache.commons.codec.language.bm has been translated
+ from the original php source code available at http://stevemorse.org/phoneticinfo.htm
+ with permission from the original authors.
+ Original source copyright:
+ Copyright (c) 2008 Alexander Beider & Stephen P. Morse.
+
+Apache Commons Logging (lib/commons-logging.commons-logging-<VERSION>.jar)
+ Apache Commons Logging
+ Copyright 2003-2014 The Apache Software Foundation
+
+Apache HttpClient (lib/org.apache.httpcomponents.httpclient-<VERSION>.jar)
+ Apache HttpClient
+ Copyright 1999-2020 The Apache Software Foundation
+
+Apache HttpCore (lib/org.apache.httpcomponents.httpcore-<VERSION>.jar)
+ Apache HttpCore
+ Copyright 2005-2020 The Apache Software Foundation
+
+Apache Log4j (lib/org.apache.logging.log4j.log4j-api-<VERSION>.jar, org.apache.logging.log4j.log4j-core-<VERSION>.jar)
+ Apache Log4j
+ Copyright 1999-2019 Apache Software Foundation
+
+ This product includes software developed at
+ The Apache Software Foundation (http://www.apache.org/).
+
+ ResolverUtil.java
+ Copyright 2005-2006 Tim Fennell
+
+ Dumbster SMTP test server
Review comment:
Yeah, we originally just copied from what other projects do, but it should be fine to have a license directory, and is definitely easier to manage. However, I'm not sure you can do the same for NOTICES. I think those have to be in the NOTICE file.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] mbeckerle commented on pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
mbeckerle commented on pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#issuecomment-1084595417
+1 I'm good with these changes.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] Shanedell commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
Shanedell commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836621193
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
@stevedlawrence So I updated this on the weekend to contain the contents I found in `daffodil/NOTICE` was that not the correct fix for this?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] stevedlawrence commented on pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
stevedlawrence commented on pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#issuecomment-1084597524
+1, looks good
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] stevedlawrence commented on pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
stevedlawrence commented on pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#issuecomment-1080667418
> Can move to 2.13.8 at some point not sure when we want to do this however.
Daffodil does not work with 2.13, probably can't update until Daffodil supports it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] stevedlawrence commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
stevedlawrence commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836673540
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
I think the dependency changes look fine. RC3 should be good once this is merged, but I might make sense to include the bin.NOTICE and bin.LICENSE updates in this PR. Also, did you confirm that the updated dependencies did not have a change to their LICENSE or NOTICE files that needs to be incorporated into bin.NOTICE/bin.LICENE?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] Shanedell commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
Shanedell commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836777386
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
Also in the PR for daffodil some of the items that have `no NOTICE in JAR` have the license mentioned in `bin.LICENSE` so could those just be removed from the `bin.NOTICE`? Some of them also have Apache licenses so should those be removed from the `bin.NOTICE` file?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] stevedlawrence commented on a change in pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
stevedlawrence commented on a change in pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#discussion_r836423894
##########
File path: build/bin.NOTICE
##########
@@ -165,7 +181,7 @@ ip4s (lib/com.comcast:ip4s-core.jar-<VERSION>.jar)
Apache Commons Lang (lib/org.apache.commons:commons-lang3-<VERSION>.jar)
Apache Commons Lang
- Copyright 2001-2021 The Apache Software Foundation
-
+ Copyright 2001-2022 The Apache Software Foundation
+
This product includes software developed at
The Apache Software Foundation (https://www.apache.org/).
Review comment:
We just made a bunch of corrections to this file that are accurate for 3.3.0. You might need to incorporate some of those changes.
##########
File path: project/plugins.sbt
##########
@@ -21,3 +21,17 @@ addSbtPlugin("io.github.davidgregory084" % "sbt-tpolecat" % "0.1.17")
addSbtPlugin("org.musigma" % "sbt-rat" % "0.7.0")
addSbtPlugin("org.scalameta" % "sbt-scalafmt" % "2.4.3")
addSbtPlugin("com.github.battermann" % "sbt-json" % "0.5.0")
+
+/**
+ * These dependencies are used in a effort to support checking dependencies
+ * for CVEs and making sure they are up to date. As well being able to track
+ * dependencies of dependencies.
+ *
+ * Commands:
+ * Check dependencies for CVEs -> sbt dependencyCheckAggregate
+ * Print out dependency tree -> sbt dependencyTree
+ * Check for available dependency updates -> sbt dependencyUpdates
+ */
+addDependencyTreePlugin
+addSbtPlugin("net.vonbuchholtz" % "sbt-dependency-check" % "4.0.0")
+addSbtPlugin("com.timushev.sbt" % "sbt-updates" % "0.6.1")
Review comment:
Personally, I think these plugins should be part of ~/.sbt/plugins/plugins.sbt rather than the repo since these aren't strictly needed for the vscode repo. Minimizes dependencies for people that don't care about this this stuff. But I don't feel that strongly about it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] Shanedell edited a comment on pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
Shanedell edited a comment on pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#issuecomment-1081094116
@tuxji @mbeckerle @stevedlawrence Can you guys give the PR another look over and decide if you are sticking with your +1. I just pushed a commit that:
- Removed dependency checking plugins from `project/plugins.sbt`
- Updated `bin.LICENSE` to have LICENSES of additional JARs. Some of these came from Daffodil. These were just added these to the bottom of the file.
- Updated `bin.NOTICE` to have NOTICE of additional JARs. Some of these came from Daffodil. These were just added these to the bottom of the file.
NOTE: Some dependencies that are not listed in `bin.NOTICE` or `bin.LICENSE` is because they use an Apache License without having a NOTICE file.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [daffodil-vscode] Shanedell commented on pull request #96: RC2 Updates
Posted by GitBox <gi...@apache.org>.
Shanedell commented on pull request #96:
URL: https://github.com/apache/daffodil-vscode/pull/96#issuecomment-1081094116
@tuxji @mbeckerle @stevedlawrence Can you guys give the PR another look over and decided if you are sticking with your +1. I just pushed a commit that:
- Removed dependency checking plugins from `project/plugins.sbt`
- Updated `bin.LICENSE` to have LICENSES of additional JARs. Some of these came from Daffodil. These were just added these to the bottom of the file.
- Updated `bin.NOTICE` to have NOTICE of additional JARs. Some of these came from Daffodil. These were just added these to the bottom of the file.
NOTE: Some dependencies that are not listed in `bin.NOTICE` or `bin.LICENSE` is becayse they use an Apache License without having a NOTICE file.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org