You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@pulsar.apache.org by ZhangJian He <sh...@gmail.com> on 2021/12/03 09:20:17 UTC

Re: Missing check on .jar files committed to the source repo

Gradle has `gradle-wrapper.jar` too. I think we don't need an automated
check, the reviewers can find if it's reasonable.

Enrico Olivelli <eo...@gmail.com> 于2021年11月10日周三 16:47写道：

> ping
>
>
> Il giorno ven 5 nov 2021 alle ore 09:23 Enrico Olivelli <
> eolivelli@gmail.com>
> ha scritto:
>
> > Hello,
> > This patch [1] contains a .jar file that must not be committed to the
> > source repository.
> > We generally cannot commit binary files to the source repo, as it won't
> be
> > "open source" anymore.
> >
> > When we are permitted to commit binary/compiled code, there must be a
> very
> > good reason and it must be approved explicitly and noted somewhere
> (NOTICE
> > file?)
> >
> > My point here is that we are missing some automated check to prevent such
> > accidental commits.
> > I believe that we have to add a check to be run at every PR validation
> and
> > during the release process that our source distribution does not contain
> > compiled code.
> >
> > Thoughts ?
> >
> > Enrico
> >
> > [1] https://github.com/apache/pulsar/pull/12535
> >
> >
>

Re: Missing check on .jar files committed to the source repo

Posted by Dave Fisher <wa...@apache.org>.


> On Dec 3, 2021, at 11:45 AM, Michael Marshall <mm...@apache.org> wrote:
> 
>> Automated checks are useful because we are human and we usually miss to
>> validate this kind of boring stuff.
> 
> +1 I think it sounds appropriate to add an automated check. If a use
> case arises where we need to add compiled files, we'll also need a way
> to bypass/override this check.

For example, have a look at why grade wrapper jars cannot be included - https://issues.apache.org/jira/browse/LEGAL-570

Regards,
Dave

> 
> Michael
> 
> On Fri, Dec 3, 2021 at 7:10 AM Enrico Olivelli <eo...@gmail.com> wrote:
>> 
>> Il giorno ven 3 dic 2021 alle ore 10:36 ZhangJian He <sh...@gmail.com>
>> ha scritto:
>> 
>>> I agree. I mean that the situation can be easily judged during the review
>>> process. So I think the automated check sames not so valuable.
>>> If you prefer, I have no objection.
>>> 
>> 
>> Automated checks are useful because we are human and we usually miss to
>> validate this kind of boring stuff.
>> It is very like LICENSE headers, NOTICE files, checkstyle....
>> :-)
>> 
>> Enrico
>> 
>>> 
>>> 
>>> Thanks
>>> ZhangJian He
>>> 
>>> Enrico Olivelli <eo...@gmail.com> 于2021年12月3日周五 17:22写道：
>>> 
>>>> Il giorno ven 3 dic 2021 alle ore 10:20 ZhangJian He <shoothzj@gmail.com
>>>> 
>>>> ha scritto:
>>>> 
>>>>> Gradle has `gradle-wrapper.jar` too. I think we don't need an automated
>>>>> check, the reviewers can find if it's reasonable.
>>>>> 
>>>> 
>>>> For some files there are specific acceptance rules.
>>>> But we cannot commit other files that are not needed.
>>>> 
>>>> 
>>>> Enrico
>>>> 
>>>> 
>>>>> 
>>>>> Enrico Olivelli <eo...@gmail.com> 于2021年11月10日周三 16:47写道：
>>>>> 
>>>>>> ping
>>>>>> 
>>>>>> 
>>>>>> Il giorno ven 5 nov 2021 alle ore 09:23 Enrico Olivelli <
>>>>>> eolivelli@gmail.com>
>>>>>> ha scritto:
>>>>>> 
>>>>>>> Hello,
>>>>>>> This patch [1] contains a .jar file that must not be committed to
>>> the
>>>>>>> source repository.
>>>>>>> We generally cannot commit binary files to the source repo, as it
>>>> won't
>>>>>> be
>>>>>>> "open source" anymore.
>>>>>>> 
>>>>>>> When we are permitted to commit binary/compiled code, there must
>>> be a
>>>>>> very
>>>>>>> good reason and it must be approved explicitly and noted somewhere
>>>>>> (NOTICE
>>>>>>> file?)
>>>>>>> 
>>>>>>> My point here is that we are missing some automated check to
>>> prevent
>>>>> such
>>>>>>> accidental commits.
>>>>>>> I believe that we have to add a check to be run at every PR
>>>> validation
>>>>>> and
>>>>>>> during the release process that our source distribution does not
>>>>> contain
>>>>>>> compiled code.
>>>>>>> 
>>>>>>> Thoughts ?
>>>>>>> 
>>>>>>> Enrico
>>>>>>> 
>>>>>>> [1] https://github.com/apache/pulsar/pull/12535
>>>>>>> 
>>>>>>> 
>>>>>> 
>>>>> 
>>>> 
>>>

Re: Missing check on .jar files committed to the source repo

Posted by Michael Marshall <mm...@apache.org>.

> Automated checks are useful because we are human and we usually miss to
> validate this kind of boring stuff.

+1 I think it sounds appropriate to add an automated check. If a use
case arises where we need to add compiled files, we'll also need a way
to bypass/override this check.

Michael

On Fri, Dec 3, 2021 at 7:10 AM Enrico Olivelli <eo...@gmail.com> wrote:
>
> Il giorno ven 3 dic 2021 alle ore 10:36 ZhangJian He <sh...@gmail.com>
> ha scritto:
>
> > I agree. I mean that the situation can be easily judged during the review
> > process. So I think the automated check sames not so valuable.
> > If you prefer, I have no objection.
> >
>
> Automated checks are useful because we are human and we usually miss to
> validate this kind of boring stuff.
> It is very like LICENSE headers, NOTICE files, checkstyle....
> :-)
>
> Enrico
>
> >
> >
> > Thanks
> > ZhangJian He
> >
> > Enrico Olivelli <eo...@gmail.com> 于2021年12月3日周五 17:22写道：
> >
> > > Il giorno ven 3 dic 2021 alle ore 10:20 ZhangJian He <shoothzj@gmail.com
> > >
> > > ha scritto:
> > >
> > > > Gradle has `gradle-wrapper.jar` too. I think we don't need an automated
> > > > check, the reviewers can find if it's reasonable.
> > > >
> > >
> > > For some files there are specific acceptance rules.
> > > But we cannot commit other files that are not needed.
> > >
> > >
> > > Enrico
> > >
> > >
> > > >
> > > > Enrico Olivelli <eo...@gmail.com> 于2021年11月10日周三 16:47写道：
> > > >
> > > > > ping
> > > > >
> > > > >
> > > > > Il giorno ven 5 nov 2021 alle ore 09:23 Enrico Olivelli <
> > > > > eolivelli@gmail.com>
> > > > > ha scritto:
> > > > >
> > > > > > Hello,
> > > > > > This patch [1] contains a .jar file that must not be committed to
> > the
> > > > > > source repository.
> > > > > > We generally cannot commit binary files to the source repo, as it
> > > won't
> > > > > be
> > > > > > "open source" anymore.
> > > > > >
> > > > > > When we are permitted to commit binary/compiled code, there must
> > be a
> > > > > very
> > > > > > good reason and it must be approved explicitly and noted somewhere
> > > > > (NOTICE
> > > > > > file?)
> > > > > >
> > > > > > My point here is that we are missing some automated check to
> > prevent
> > > > such
> > > > > > accidental commits.
> > > > > > I believe that we have to add a check to be run at every PR
> > > validation
> > > > > and
> > > > > > during the release process that our source distribution does not
> > > > contain
> > > > > > compiled code.
> > > > > >
> > > > > > Thoughts ?
> > > > > >
> > > > > > Enrico
> > > > > >
> > > > > > [1] https://github.com/apache/pulsar/pull/12535
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >

Re: Missing check on .jar files committed to the source repo

Posted by Enrico Olivelli <eo...@gmail.com>.

Il giorno ven 3 dic 2021 alle ore 10:36 ZhangJian He <sh...@gmail.com>
ha scritto:

> I agree. I mean that the situation can be easily judged during the review
> process. So I think the automated check sames not so valuable.
> If you prefer, I have no objection.
>

Automated checks are useful because we are human and we usually miss to
validate this kind of boring stuff.
It is very like LICENSE headers, NOTICE files, checkstyle....
:-)

Enrico

>
>
> Thanks
> ZhangJian He
>
> Enrico Olivelli <eo...@gmail.com> 于2021年12月3日周五 17:22写道：
>
> > Il giorno ven 3 dic 2021 alle ore 10:20 ZhangJian He <shoothzj@gmail.com
> >
> > ha scritto:
> >
> > > Gradle has `gradle-wrapper.jar` too. I think we don't need an automated
> > > check, the reviewers can find if it's reasonable.
> > >
> >
> > For some files there are specific acceptance rules.
> > But we cannot commit other files that are not needed.
> >
> >
> > Enrico
> >
> >
> > >
> > > Enrico Olivelli <eo...@gmail.com> 于2021年11月10日周三 16:47写道：
> > >
> > > > ping
> > > >
> > > >
> > > > Il giorno ven 5 nov 2021 alle ore 09:23 Enrico Olivelli <
> > > > eolivelli@gmail.com>
> > > > ha scritto:
> > > >
> > > > > Hello,
> > > > > This patch [1] contains a .jar file that must not be committed to
> the
> > > > > source repository.
> > > > > We generally cannot commit binary files to the source repo, as it
> > won't
> > > > be
> > > > > "open source" anymore.
> > > > >
> > > > > When we are permitted to commit binary/compiled code, there must
> be a
> > > > very
> > > > > good reason and it must be approved explicitly and noted somewhere
> > > > (NOTICE
> > > > > file?)
> > > > >
> > > > > My point here is that we are missing some automated check to
> prevent
> > > such
> > > > > accidental commits.
> > > > > I believe that we have to add a check to be run at every PR
> > validation
> > > > and
> > > > > during the release process that our source distribution does not
> > > contain
> > > > > compiled code.
> > > > >
> > > > > Thoughts ?
> > > > >
> > > > > Enrico
> > > > >
> > > > > [1] https://github.com/apache/pulsar/pull/12535
> > > > >
> > > > >
> > > >
> > >
> >
>

Re: Missing check on .jar files committed to the source repo

Posted by ZhangJian He <sh...@gmail.com>.

I agree. I mean that the situation can be easily judged during the review
process. So I think the automated check sames not so valuable.
If you prefer, I have no objection.


Thanks
ZhangJian He

Enrico Olivelli <eo...@gmail.com> 于2021年12月3日周五 17:22写道：

> Il giorno ven 3 dic 2021 alle ore 10:20 ZhangJian He <sh...@gmail.com>
> ha scritto:
>
> > Gradle has `gradle-wrapper.jar` too. I think we don't need an automated
> > check, the reviewers can find if it's reasonable.
> >
>
> For some files there are specific acceptance rules.
> But we cannot commit other files that are not needed.
>
>
> Enrico
>
>
> >
> > Enrico Olivelli <eo...@gmail.com> 于2021年11月10日周三 16:47写道：
> >
> > > ping
> > >
> > >
> > > Il giorno ven 5 nov 2021 alle ore 09:23 Enrico Olivelli <
> > > eolivelli@gmail.com>
> > > ha scritto:
> > >
> > > > Hello,
> > > > This patch [1] contains a .jar file that must not be committed to the
> > > > source repository.
> > > > We generally cannot commit binary files to the source repo, as it
> won't
> > > be
> > > > "open source" anymore.
> > > >
> > > > When we are permitted to commit binary/compiled code, there must be a
> > > very
> > > > good reason and it must be approved explicitly and noted somewhere
> > > (NOTICE
> > > > file?)
> > > >
> > > > My point here is that we are missing some automated check to prevent
> > such
> > > > accidental commits.
> > > > I believe that we have to add a check to be run at every PR
> validation
> > > and
> > > > during the release process that our source distribution does not
> > contain
> > > > compiled code.
> > > >
> > > > Thoughts ?
> > > >
> > > > Enrico
> > > >
> > > > [1] https://github.com/apache/pulsar/pull/12535
> > > >
> > > >
> > >
> >
>

Re: Missing check on .jar files committed to the source repo

Posted by Enrico Olivelli <eo...@gmail.com>.

Il giorno ven 3 dic 2021 alle ore 10:20 ZhangJian He <sh...@gmail.com>
ha scritto:

> Gradle has `gradle-wrapper.jar` too. I think we don't need an automated
> check, the reviewers can find if it's reasonable.
>

For some files there are specific acceptance rules.
But we cannot commit other files that are not needed.


Enrico


>
> Enrico Olivelli <eo...@gmail.com> 于2021年11月10日周三 16:47写道：
>
> > ping
> >
> >
> > Il giorno ven 5 nov 2021 alle ore 09:23 Enrico Olivelli <
> > eolivelli@gmail.com>
> > ha scritto:
> >
> > > Hello,
> > > This patch [1] contains a .jar file that must not be committed to the
> > > source repository.
> > > We generally cannot commit binary files to the source repo, as it won't
> > be
> > > "open source" anymore.
> > >
> > > When we are permitted to commit binary/compiled code, there must be a
> > very
> > > good reason and it must be approved explicitly and noted somewhere
> > (NOTICE
> > > file?)
> > >
> > > My point here is that we are missing some automated check to prevent
> such
> > > accidental commits.
> > > I believe that we have to add a check to be run at every PR validation
> > and
> > > during the release process that our source distribution does not
> contain
> > > compiled code.
> > >
> > > Thoughts ?
> > >
> > > Enrico
> > >
> > > [1] https://github.com/apache/pulsar/pull/12535
> > >
> > >
> >
>