You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@incubator.apache.org by Roman Shaposhnik <rv...@apache.org> on 2017/05/26 21:49:46 UTC
Good examples of licensing in ASF produced web apps?
Hi!
I advising a podling on producing a binary release that
includes a Java web app (think war file). I wanted to give
them a taste of what TLPs do so I went to the ones that
I knew were generating war files: Oozie and Ranger.
You know the stuff I'm familiar with in Hadoop ecosystem.
What he discovered may shock you! No, but seriously.
Here's what these projects publish on Maven central:
https://search.maven.org/remotecontent?filepath=org/apache/oozie/oozie-webapp/4.3.0/oozie-webapp-4.3.0.war
https://search.maven.org/remotecontent?filepath=org/apache/ranger/security-admin-web/0.7.0/security-admin-web-0.7.0.war
Each of these WAR files:
1. bundles all sorts of dependancies -- not just the bits coming
from the project itself
2. Neither provides a meanigful LICENSE nor NOTICE files.
The ones under ./WEB-INF/classes/META-INF are stock ones
and really don't address the binary dependencies bundling
Have we somehow relaxed the requirements for binary artifacts?
I hope not -- and if not -- what are the good examples of web app
projects doing it right?
Thanks,
Roman.
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: Good examples of licensing in ASF produced web apps?
Posted by Felix Meschberger <fm...@adobe.com.INVALID>.
Hi Roman
As has been mentioned by others, I would not think there is any relaxation. At the end of the day, it is something we build and distribute. So not having appropriate LICENSE and NOTICE (and probably DEPENDENCIES) is a no-go.
Having said that: The default Maven WAR plugin is just bundling the transitive clousure dependencies of the project, which if you don’t pay attention is half of the internet. JAR hell live.
Apache Sling also distributes WAR files. The difference here is that it is built with a custom-built plugin because essentially Sling only uses the servlet container as a container and manages its own deployment through an OSGi framework.
For example http://www-eu.apache.org/dist/sling/org.apache.sling.launchpad-8-webapp.war
Regards
Felix
Am 26.05.2017 um 23:49 schrieb Roman Shaposhnik <rv...@apache.org>>:
Hi!
I advising a podling on producing a binary release that
includes a Java web app (think war file). I wanted to give
them a taste of what TLPs do so I went to the ones that
I knew were generating war files: Oozie and Ranger.
You know the stuff I'm familiar with in Hadoop ecosystem.
What he discovered may shock you! No, but seriously.
Here's what these projects publish on Maven central:
https://search.maven.org/remotecontent?filepath=org/apache/oozie/oozie-webapp/4.3.0/oozie-webapp-4.3.0.war
https://search.maven.org/remotecontent?filepath=org/apache/ranger/security-admin-web/0.7.0/security-admin-web-0.7.0.war
Each of these WAR files:
1. bundles all sorts of dependancies -- not just the bits coming
from the project itself
2. Neither provides a meanigful LICENSE nor NOTICE files.
The ones under ./WEB-INF/classes/META-INF are stock ones
and really don't address the binary dependencies bundling
Have we somehow relaxed the requirements for binary artifacts?
I hope not -- and if not -- what are the good examples of web app
projects doing it right?
Thanks,
Roman.
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: Good examples of licensing in ASF produced web apps?
Posted by Myrle Krantz <my...@apache.org>.
Hey John,
On Sat, May 27, 2017 at 1:42 AM, John D. Ament <jo...@apache.org> wrote:
> On Fri, May 26, 2017 at 7:39 PM Roman Shaposhnik <ro...@shaposhnik.org>
> wrote:
>>
>> However, if somebody can spare me this agony -- I'd appreciate it ;-)
>>
>>
> I believe Fineract would be a good example. I don't think they're on maven
> central, but you can download them -
> https://dist.apache.org/repos/dist/release/fineract/0.6.0-incubating/apache-fineract-0.6.0-incubating-binary.tar.gz
>
> NOTICE/LICENSE in the root of the distribution + the WAR file (in WEB-INF).
>
Apache Fineract code does not currently contain a UI. The Mifos
Initiative did not donate the UI because of licensing issues. Some
colleagues and I at Kuelap are working on a UI we wish to donate to
the project, but it is not yet under Apache's auspices.
Sorry, I can't be of more help,
Myrle
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: Good examples of licensing in ASF produced web apps?
Posted by "John D. Ament" <jo...@apache.org>.
On Fri, May 26, 2017 at 7:39 PM Roman Shaposhnik <ro...@shaposhnik.org>
wrote:
> On Fri, May 26, 2017 at 4:37 PM, John D. Ament <jo...@apache.org>
> wrote:
> > I'll point out that Ranger graduated the incubator with a less than
> stellar
> > release history. [1] is a good example of such problems
> >
> > Oozie predates me.
> >
> > But to answer the original question, no, the requirements shouldn't be
> any
> > less stringent on WAR files vs other packages, its a closed package that
> is
> > hard to look at and needs to indicate everything within it. While both
> of
> > these projects were incubating, they are no longer incubating and you
> > should follow up with them directly if you want them to fix their
> licensing.
>
> I do -- but that gets me back to my original question -- what example
> can I give them?
>
> Seriously -- at this point -- I'm about to go to Maven central and
> search for org.apache.*
> artifacts with war as packaging and see what comes up in terms of
> recent releases.
>
> However, if somebody can spare me this agony -- I'd appreciate it ;-)
>
>
I believe Fineract would be a good example. I don't think they're on maven
central, but you can download them -
https://dist.apache.org/repos/dist/release/fineract/0.6.0-incubating/apache-fineract-0.6.0-incubating-binary.tar.gz
NOTICE/LICENSE in the root of the distribution + the WAR file (in WEB-INF).
> Thanks,
> Roman.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
Re: Good examples of licensing in ASF produced web apps?
Posted by Richard Downer <ri...@apache.org>.
Hi Roman,
Didn't see this email sooner so I hope you haven't spent two days trawling
Maven Central!
Take a look at Brooklyn. One of our artifacts is a WAR file for the web UI.
Ultimately it's embedded in the final product of the build, but it does
exist as a standalone WAR file so may be useful for your purposes. We spent
a lot of effort making sure that LICENSE and NOTICE are correct for every
individual artifact we produce, and this particular one does have a lengthy
LICENSE thanks to all the embedded binary dependencies.
Take a look at:
https://repo1.maven.org/maven2/org/apache/brooklyn/brooklyn-jsgui/0.11.0/
Hope this helps.
Richard.
On 27 May 2017 at 00:39, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
> On Fri, May 26, 2017 at 4:37 PM, John D. Ament <jo...@apache.org>
> wrote:
> > I'll point out that Ranger graduated the incubator with a less than
> stellar
> > release history. [1] is a good example of such problems
> >
> > Oozie predates me.
> >
> > But to answer the original question, no, the requirements shouldn't be
> any
> > less stringent on WAR files vs other packages, its a closed package that
> is
> > hard to look at and needs to indicate everything within it. While both
> of
> > these projects were incubating, they are no longer incubating and you
> > should follow up with them directly if you want them to fix their
> licensing.
>
> I do -- but that gets me back to my original question -- what example
> can I give them?
>
> Seriously -- at this point -- I'm about to go to Maven central and
> search for org.apache.*
> artifacts with war as packaging and see what comes up in terms of
> recent releases.
>
> However, if somebody can spare me this agony -- I'd appreciate it ;-)
>
> Thanks,
> Roman.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
Re: Good examples of licensing in ASF produced web apps?
Posted by Roman Shaposhnik <ro...@shaposhnik.org>.
On Fri, May 26, 2017 at 4:37 PM, John D. Ament <jo...@apache.org> wrote:
> I'll point out that Ranger graduated the incubator with a less than stellar
> release history. [1] is a good example of such problems
>
> Oozie predates me.
>
> But to answer the original question, no, the requirements shouldn't be any
> less stringent on WAR files vs other packages, its a closed package that is
> hard to look at and needs to indicate everything within it. While both of
> these projects were incubating, they are no longer incubating and you
> should follow up with them directly if you want them to fix their licensing.
I do -- but that gets me back to my original question -- what example
can I give them?
Seriously -- at this point -- I'm about to go to Maven central and
search for org.apache.*
artifacts with war as packaging and see what comes up in terms of
recent releases.
However, if somebody can spare me this agony -- I'd appreciate it ;-)
Thanks,
Roman.
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: Good examples of licensing in ASF produced web apps?
Posted by "John D. Ament" <jo...@apache.org>.
I'll point out that Ranger graduated the incubator with a less than stellar
release history. [1] is a good example of such problems
Oozie predates me.
But to answer the original question, no, the requirements shouldn't be any
less stringent on WAR files vs other packages, its a closed package that is
hard to look at and needs to indicate everything within it. While both of
these projects were incubating, they are no longer incubating and you
should follow up with them directly if you want them to fix their licensing.
[1]:
https://lists.apache.org/thread.html/2dda0fef19673055482574d6d7350273bb6db55026ab9f10b4cf461c@%3Cgeneral.incubator.apache.org%3E
On Fri, May 26, 2017 at 6:26 PM P. Taylor Goetz <pt...@gmail.com> wrote:
>
>
> > On May 26, 2017, at 5:54 PM, Roman Shaposhnik <ro...@shaposhnik.org>
> wrote:
> >
> > But that's actually not important -- you're right bundling
> > dependencies is OK, but
> > doing that makes it even more important to do proper LICENSE and NOTICE.
>
> IMO, you hit the nail on the head right there. I would hope the war file
> would contain both and they reflect the dependencies contained in the war
> file (as opposed to the official source distribution, which may not).
>
> -Taylor
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
Re: Good examples of licensing in ASF produced web apps?
Posted by "P. Taylor Goetz" <pt...@gmail.com>.
> On May 26, 2017, at 5:54 PM, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
>
> But that's actually not important -- you're right bundling
> dependencies is OK, but
> doing that makes it even more important to do proper LICENSE and NOTICE.
IMO, you hit the nail on the head right there. I would hope the war file would contain both and they reflect the dependencies contained in the war file (as opposed to the official source distribution, which may not).
-Taylor
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: Good examples of licensing in ASF produced web apps?
Posted by Roman Shaposhnik <ro...@shaposhnik.org>.
On Fri, May 26, 2017 at 2:52 PM, Tom Barber <to...@spicule.co.uk> wrote:
> I don't have any examples, but I don't know of any webapps that don't
> bundle dependencies otherwise users are forced to install all the
> dependencies by hand into tomcat/common or something. Whether they
> dependencies are ASF compatible or not I don't know, but from the peanut
> gallery that sounds completely normal.
Well my podling doesn't -- they manipulate TC classpath to find extra
dependencies.
But that's actually not important -- you're right bundling
dependencies is OK, but
doing that makes it even more important to do proper LICENSE and NOTICE.
The examples I see in Ooize and Ranger are pretty shockingly not doing any of
that.
Thanks,
Roman.
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: Good examples of licensing in ASF produced web apps?
Posted by Tom Barber <to...@spicule.co.uk>.
I don't have any examples, but I don't know of any webapps that don't
bundle dependencies otherwise users are forced to install all the
dependencies by hand into tomcat/common or something. Whether they
dependencies are ASF compatible or not I don't know, but from the peanut
gallery that sounds completely normal.
Tom
On Fri, May 26, 2017 at 10:49 PM, Roman Shaposhnik <rv...@apache.org> wrote:
> Hi!
>
> I advising a podling on producing a binary release that
> includes a Java web app (think war file). I wanted to give
> them a taste of what TLPs do so I went to the ones that
> I knew were generating war files: Oozie and Ranger.
> You know the stuff I'm familiar with in Hadoop ecosystem.
>
> What he discovered may shock you! No, but seriously.
>
> Here's what these projects publish on Maven central:
>
> https://search.maven.org/remotecontent?filepath=org/
> apache/oozie/oozie-webapp/4.3.0/oozie-webapp-4.3.0.war
> https://search.maven.org/remotecontent?filepath=org/
> apache/ranger/security-admin-web/0.7.0/security-admin-web-0.7.0.war
>
> Each of these WAR files:
> 1. bundles all sorts of dependancies -- not just the bits coming
> from the project itself
>
> 2. Neither provides a meanigful LICENSE nor NOTICE files.
> The ones under ./WEB-INF/classes/META-INF are stock ones
> and really don't address the binary dependencies bundling
>
> Have we somehow relaxed the requirements for binary artifacts?
> I hope not -- and if not -- what are the good examples of web app
> projects doing it right?
>
> Thanks,
> Roman.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
--
Tom Barber
CTO Spicule LTD
tom@spicule.co.uk
http://spicule.co.uk
@spiculeim <http://twitter.com/spiculeim>
Schedule a meeting with me <http://meetme.so/spicule>
GB: +44(0)5603641316
US: +18448141689
<https://leanpub.com/juju-cookbook>
Fwd: Good examples of licensing in ASF produced web apps?
Posted by Selvamohan Neethiraj <sn...@apache.org>.
@Ranger,
Please see the email below which indicates that Ranger WAR file have dependencies that should not be bundled and/or specified in the LICENSE/NOTICE files. Can we review our binary release files to ensure that we are in compliance with Apache Releases?
@Roman:
We will try to go through the list and ensure that our LICENSE and NOTICE files are updated with bundled binaries ? (RANGER-1623 <https://issues.apache.org/jira/browse/RANGER-1623>)
In the meanwhile, if you can add the details on the files that are not in compliance in the above JIRA, it will greatly help the ranger community to fix it asap.
Thanks,
Selva-
> Begin forwarded message:
>
> From: Roman Shaposhnik <rv...@apache.org>
> Subject: Good examples of licensing in ASF produced web apps?
> Date: May 26, 2017 at 5:49:46 PM EDT
> To: "general@incubator.apache.org" <ge...@incubator.apache.org>
> Reply-To: general@incubator.apache.org
>
> Hi!
>
> I advising a podling on producing a binary release that
> includes a Java web app (think war file). I wanted to give
> them a taste of what TLPs do so I went to the ones that
> I knew were generating war files: Oozie and Ranger.
> You know the stuff I'm familiar with in Hadoop ecosystem.
>
> What he discovered may shock you! No, but seriously.
>
> Here's what these projects publish on Maven central:
>
> https://search.maven.org/remotecontent?filepath=org/apache/oozie/oozie-webapp/4.3.0/oozie-webapp-4.3.0.war
> https://search.maven.org/remotecontent?filepath=org/apache/ranger/security-admin-web/0.7.0/security-admin-web-0.7.0.war
>
> Each of these WAR files:
> 1. bundles all sorts of dependancies -- not just the bits coming
> from the project itself
>
> 2. Neither provides a meanigful LICENSE nor NOTICE files.
> The ones under ./WEB-INF/classes/META-INF are stock ones
> and really don't address the binary dependencies bundling
>
> Have we somehow relaxed the requirements for binary artifacts?
> I hope not -- and if not -- what are the good examples of web app
> projects doing it right?
>
> Thanks,
> Roman.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>