You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@incubator.apache.org by Justin Mclean <ju...@classsoftware.com> on 2016/02/16 06:56:46 UTC
Re: [VOTE] Release Apache Unomi 1.0.0-incubating (take 2)
Hi,
+1 binding
I checked:
- incubating in file name
- hashes and signatures good
- DISCLAIMER exits
- Source LICENSE good (although the short form of the license is prefered) [1]
- Source NOICE has a little bit of extra info in it - there's no need to mention MIT software [1]
- No unexpected binary files in source release
- All source files have Apache headers
- Unable to compile from source
I got this error when compiling - looks like a path may be wrong:
[INFO] Apache Unomi :: Distribution Package ............... FAILURE [ 0.568 s]
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:1.7:run (copy-karaf) on project unomi: An Ant BuildException has occured: /Users/justinmclean/Downloads/ApacheUnomi/unomi-1.0.0-incubating/package/target/assembly/elasticsearch-1.6.2/lib/sigar does not exist.
Everything else compiled fine it just looks like creating the distribution package failed, I’m assuming this is not a big issue.
I think the path should be??
./unomi-1.0.0-incubating/package/target/assembly/lib/sigar/
You may want to fix header on this file [2].
Also can you please place the binaries in the correct place, this was raised as an issue for the last release candidate.
Now for the binary convenience release, sorry this is long, but I think a bit more work need to be done here.
The LICENSE file:
- Boiler place Apache license should be at the top often file
- Please use short form of the licenses
- It not clear what is licensed under the CDDL or GPL licenses
- GPLv2 is considered a category X license and should not be bundled with Apache software. Why is this here?
- Is missing a large number of licences that require being put in LICENSE
For what I could find GPL software bundled includes woodstock [4], code model [5] and tanuki software java service wrapper [12] . Is there other bundled GPL software? Is the GPL issue known about and is the intent to replace that software?
License should contain:
- non ASF licensed software including bndlib, Jackson core, jackson databind, Jackson annotations, Fast Infoset Standard for Binary XML, ehcache, jettison, elastic search, jansi, sigar (was GPL may need to double check), jledit, Joda-Time, Fast Infoset Project, OpenWS, several ops4j projects, osgi jmx, slf4j, spring framework, SnakeYAML, Spatial4j, Quality Check, UAdetector, GeoIP2, Google HTTP Client Library For Java, MaxMind DB, mvel2
- CPL license wsdl4j
- CDDL JAXB Binding Compiler, JAXB Runtime module
- dual license CDDL/GPL code model, sun el [6], stack commons, Java mail [7], SOAP with Attachments API for Java [8], TXW2 Runtime [9], XSOM,
- BSD licensed Jline, Stax2, knopflerfish, ASM, RelaxngDatatype, StringTemplate 4
- public domain AOP Alliance, SAX
- EPL Eclipses’s aether, eclipse core runtime, equinox, java development tools core
- EPL/Apache dual licensed Jetty (may actually be a mix of CDDL, EPL and GPL)
- dual licensed(?) EPL/Apache hawtjni
- MIT licensed RELAX NG Object Model / Parser
- MPL licensed Rhino, juniversalchardet
- W3C dom
- licenses from Sigar notice file
- Apache 1.1 license Apache Avalon , Apache Xalan
- double check what included from Apache CXF [13]
- double check what’s included from Apache Felix (no LICENSE/NOTICE in github mirror)
- include what is in Apache Karaf license file (if bundled)
- MPL license software form Apaceh Servicemix notice file
- double check what’s been bundled from Apaceh Xerces (no LICENSE/NOTICE in github mirror)
The the dual license CDDL/GPL can be treated as GPL if you don’t specify the license choice. (see links below) You probably need to put this in the NOTICE file.
Sigar's license may be an issue as while it’s Apache licensed it also includes further restrictions [11]
"You acknowledge that Software is not designed, licensed or intended for use in
the design, construction, operation or maintenance of any nuclear facility
("High Risk Activities"). “
I did this fairly quickly and will have missed a few things, you just need to look at the jars you are including and what is inside them. I notice some bundled jars also
contain jars so you’ll need to look in those as well. I may of got the versions wrong and different versions could be licensed under different licenses.
The NOTICE file:
- No need to list MIT or BSD or Apace licensed in NOTICE
- No need to include everything from the sigar NOTICE probably only the copyright line is needed but not 100% sure
- No need to list copyright for org.apache.karaf.management, org.apache.openwebbeans, HttpCore, org.apache.sshd, org.apache.servicemix.bundles, commons-lang, org.apache.karaf.features, org.apache.mina, org.apache.karaf.kar, org.apache.karaf.jaas, org.apache.karaf.bundle, org.apache.karaf.deployer, org.apache.aries etc etc etc
- No need for extra "This product includes software developed by the ASF”
- Any non ASF Apache license software copyright should be in LICENSE not NOTICE
- Notice for opensaml looks incorrect [3]?
- Even with the amount of bundled software here I expect the NOTICE file to be closer to 100 lines rather than the 1000 lines it is
Notice files I saw that IMO may effect NOTICE include:
Apache Santuario, Jetty, Sigar, Apache Avalon, Apache Commons Codec, Apache Felix, Apache Geronimo, Apache Karaf, Apache Neethi, Apache Xalan, Apache Xerces
Also note the dual CDDL/GPL license info mention above.
Thanks,
Justin
1. http://www.apache.org/dev/licensing-howto.html#permissive-deps
2. ./samples/tweet-button-plugin/src/main/resources/OSGI-INF/blueprint/blueprint.xml
3. https://github.com/OpenConext/spring-security-opensaml/blob/master/NOTICE.TXT
4. http://central.maven.org/maven2/com/ctc/wstx/woodstox-osgi/3.2.1.1/woodstox-osgi-3.2.1.1.pom
5. http://central.maven.org/maven2/com/sun/codemodel/codemodel-project/2.6/codemodel-project-2.6.pom
6. https://java.net/projects/el-spec/sources/source-code/content/trunk/pom.xml?rev=285 (Notice this would effect the NOTICE file)
7. http://central.maven.org/maven2/com/sun/mail/all/1.5.2/all-1.5.2.pom (would also effect notice)
8. http://central.maven.org/maven2/com/sun/xml/messaging/saaj/saaj-impl/1.3.15/saaj-impl-1.3.15.pom (same here)
9 .http://central.maven.org/maven2/com/sun/xml/txw2/txw2/20110809/txw2-20110809.pom (same here)
10 https://github.com/fusesource/hawtjni/blob/master/license.txt
11. https://github.com/hyperic/sigar/blob/master/NOTICE
12. https://wrapper.tanukisoftware.com/doc/english/licenseOverview.html
13. http://cxf.apache.org/docs/licenses.html
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Release Apache Unomi 1.0.0-incubating (take 2)
Posted by Justin Mclean <ju...@classsoftware.com>.
HI,
Sorry I posted to the wrong vote thread I’ll repost to the correct one.
Thanks,
Justin
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org